I'm taking over as a system administrator on an existing LAMP server for a site with a number of individual applications. The person I'm replacing has done a pretty good job with security as far as I know, but I'd like to take any preventative measures I can.
With the OWSAP top ten web vulnerabilities as a good place to start, what are critical things to check? I'm looking for both high-level concepts as well as specific things to look for (e.g. file permissions, open ports).
Center for Internet Security (CIS) has extensive guides on how to secure Apache and MySQL. It include everything from file permissions, partition layout, log files best practices etc. For the OS hardening, you would find specific hardening advice for the specific OS as well. It doesn't mean like CIS is the end of the world but what it means is you will find a comprehensive list of security best practices that is not only high level but go on into as much detail as specific commands to run.
The good thing about CIS benchmarks is that once you implement the security settings, you can use many configuration bench-marking tools to audit the security settings against CIS configuration benchmarks. Nessus professional has such a service that I use regularly to audit my own servers.
I think the recommendations should be the same as for securing ANY web server...
This may be a duplicate of the canonical question, but I'll leave that to the mods:
https://serverfault.com/questions/212269/tips-for-securing-a-lamp-server
... Plus, change all the passwords.
.
