Well, it comes with default security like patches for some known exploits however you’ll need to ensure your system is up to date by executing the
commands. Additionally, if you have installed any services like Apache,Nginx,Exim etc. you’ll need to keep them up to date. The vendors themselves are patching any known vulnerabilities however you’ll need to again keep everything most up to date.
Another thing you can do is, keep the ports you are using closed unless you otherwise don’t need to and that’s only for the server side.
If you have any applications, like websites and most likely you’ll need to, you’ll need to take other precautions depending on the CMS, if you are using. If you aren’t then you’ll need to make sure your code is updated approriatly depending on the new exploits in PHP,PERL,Python etc. that come one.
To summarize, it really depends but most importantly everything needs to be up to date.