My view on securing a debian/ubuntu machine: