Member 14292504 wrote: What are all the services needed (Apache ...)?
So, for starters, basically any application that you install should provide a list of dependencies. Most distros will attempt to auto-resolve dependencies, but there might be some (such as your SQL instance or, as you mention, httpd) that you want to directly manage.
Member 14292504 wrote: I want to use MySQL. Can all applications use the same MySQL server?
Yes, that's part of the point. The concern is partially capacity, but mostly utilization.
Member 14292504 wrote: What is the best Linux server that I need (Ubuntu VPS, other ...)?
I suggest CentOS for these purposes. Opinions will obviously vary.
Member 14292504 wrote: How to secure this new server and its applications?
I have a one week class that I teach that covers about 1/3 of what it could/should for DoD RMF security compliance for Linux. You're not going to get an adequate summary in a forum post.
But, this being the interwebs and knowing you're unlikely to buy a book:
Assign file/folder permissions based on Least Privilege
Password complexity via PAM Cracklib
Learn to use iptables or firewalld and close everything you aren't actively using
Lock down root, utilize sudoers, and require passwords for sudo
Don't switch SELinux to permissive; learn to use semanage instead
Get a real TLS cert and enforce strong standards (TLS 1.1+, AES256, etc)
Set up an update script with a post-update notification for systemctl --failed
If at all possible, containerize all apps
Use a jump box and limit ssh access to that box (no VNC or DM, that's for plebs)
Do not let apps run as root, segment permissions
Learn to leverage AIDE
Encrypted data partitions to avoid side-channel exfiltration
Logs...dear god don't forget the logs...
By no means take this list as comprehensive; it's the baseline for what I'd consider a "security attentive" system that is exposed to the public internet today.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
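
The "update script with a post-update notification for systemctl --failed" item from the list above, sketched as an added example that is not part of the original post. It assumes CentOS with yum and syslog via logger(1); the `post-update` tag and the `--run` switch are names chosen here for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): patch, then report failed units.
# Assumptions: CentOS with yum, systemd, and syslog reachable through logger(1).

# Read `systemctl list-units --failed` output on stdin and print one failed
# unit name per line. Older systemd prefixes failed units with a bullet.
failed_units() {
    awk '
        NF == 0 { next }                           # skip blank lines
        $1 == "●" || $1 == "*" { print $2; next }  # bullet-prefixed row
        { print $1 }
    '
}

# Build a one-line notification from a newline-separated unit list.
# Returns 0 when nothing failed, 1 when at least one unit failed.
build_report() {
    units=$1
    if [ -z "$units" ]; then
        echo "post-update check: no failed units"
        return 0
    fi
    count=$(printf '%s\n' "$units" | wc -l | tr -d ' ')
    list=$(printf '%s\n' "$units" | paste -sd, -)
    echo "post-update check: $count failed unit(s): $list"
    return 1
}

# Apply updates, then log the state of the system at the matching severity.
run_update_check() {
    yum -y update || logger -p user.err -t post-update "yum update exited non-zero"
    units=$(systemctl list-units --failed --no-legend --plain --no-pager | failed_units)
    if report=$(build_report "$units"); then
        logger -p user.info -t post-update "$report"
    else
        logger -p user.err -t post-update "$report"
        return 1
    fi
}

# Only touch the system when explicitly asked, e.g. from cron: <script> --run
if [ "${1:-}" = "--run" ]; then
    run_update_check
fi
```

Because failures are logged at `user.err`, the existing log forwarding or alerting on that severity can carry the notification off the box.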