Is it true that a well setup Linux system is very hard to break into, not impossible, just hard to do?
That statement is true for any system.
oh ok fair enough thanks!
This is a vague question because Linux, unlike Windows, covers a huge range of possibilities from embedded wireless routers to multi-kiloton supercomputers, running any combination of software I can think of and lots I haven't. Linux is the 5-megabyte file your bootloader loads when you power on your computer. Everything else, everything, is application software.
I don't know of any serious vulnerabilities in the Linux kernel. Any which were discovered in the past were corrected quickly enough to not be seriously exploited. People don't usually bother trying to invade Linux itself, or even trying to root it -- they exploit known problems inside applications like Wordpress, Webmin, and the like to create and run their own programs on the server.
A properly configured Linux system can be extremely secure. You can take it pretty much as far as you like. You can even do things like install selinux, to prevent the execution of any software you don't trust.
And yes, you can make most any system as secure (or insecure) as you like.
Great thanks for your help.