Everybody says that Linux is secure by default and agreed to some extend (It’s debatable topics). However, Linux has in-built security model in place by default. The default security offered by normal Linux distributions might not be enough for demanding server applications. So usually you need to tune Linux security setting up and customize as per your need, which will help to make more secure system if you know what you are doing (if you don’t know what you are doing you can end up with less secure system).
Here are links to some articles that give instructions how to tune Linux security:
An Introduction to Securing your Linux VPS
25 Hardening Security Tips for Linux Servers
20 Linux Server Hardening Security Tips
Server Hardening | Linux Journal