SElinux, AppArmor, ufw, firewall-cmd, iptables, password-policies, security profiles, and application configuration files.
It's a lot to know. It seems a lot of people just disable most of it because it's too complicated.
Another part of it, is just keeping the security fixes and patches up to date. That isn't just a Linux thing, but applies
to Windows and Macs as well.
Then there is just user education, about spam emails, malicious links, ant-virus, malware, and just knowing
what to click on and what to avoid. Again, that isn't a Linux thing, but applies to all computers.