As discussed in this thread I will probably be running a local only samba server and public webserver. What are the most important things to learn and install for security.

In my current local only samba server has clamav scan every night and email me the results. Also lm-sensors sends me temp info. I realize I probably need to learn what a normal log looks like and have something like logwatch but I currently know nothing about it.

Is my DSL/router enough of a firewall?

Do I need a rootkit hunter? if so I know nothing about them and would appreciate some insight on how to use them.

How can I have apt-get or something run every night to notify me about updates but not install them?

Anything else I need to know/learn/install?

Also I don't know but if you can guess but, how much traffic will a hobby site, for friends and family, hosting a photo album and wordpress be looking at? will it tax my ~ 720 kb/s upload DSL? I would guess at most 1 hit a day but obviously much more when I first tell people about it.