How to know if my server is secure?
I recently purchased a dedicated server and I got it at a really good price. Because it's a server and it's going to be running software and a database for a new business, I need it to be secure out of the box.
I'm more familiar with the OS now, and I've been able to install some packages I will need to run the server (mysql, php, apache, https), and I got a copy of webmin working on it.
I've been searching far and wide for help with this, and I've found a bunch of guides for people running a GUI and not really using their Linux machine as a server.
So I need to know,
1. Are there any accounts open that should be deleted? Like guest accounts, or ftp default users, etc.? How can I find a list of accounts currently created on the server? I only need 1 account, the root account; nobody else should be able to have an account on the server because I will be the only one using it.
2. With the Linux firewall, I want to basically just block all traffic to and from my machine unless it's on a port I specify. I was able to move my SSH login port from 22 to another port above 1050 as I read about people using the default port to just hack away at the root password all day, but are there other ports open that are just waiting to be attacked out of the box too? I would rather just have the whole machine on lockdown with all ports blocked except for port 80, webmin, and my ssh remote login port.
What else should I be looking to do?
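
For the first question, one way to list the accounts on a server is to read its passwd-format account file. The script below is an added example, not part of the original post; the function names and the sample entries are constructed for illustration, and on a real host the functions read `/etc/passwd` when called with no argument.

```shell
#!/bin/sh
# Added example: audit a passwd-format file (default: /etc/passwd).
# Fields are name:password:UID:GID:comment:home:shell

# Accounts that can log in interactively: shell is not nologin or false.
# An empty shell field falls back to the system default, so it is listed too.
login_accounts() {
    awk -F: '$7 !~ /\/(nologin|false)$/ { print $1 }' "${1:-/etc/passwd}"
}

# Accounts with UID 0. Any name other than root here has full root rights.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# UID-0 accounts that are not named root (should normally print nothing).
extra_root_accounts() {
    uid0_accounts "$1" | grep -vx 'root' || true
}

# Constructed sample data in passwd format (not taken from a real host).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false
guest:x:1001:1001::/home/guest:/bin/bash
toor:x:0:0::/root:/bin/sh
EOF
}

# Demo run against the constructed sample.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
echo "Login-capable accounts:"; login_accounts "$demo_file"
echo "UID 0 accounts other than root:"; extra_root_accounts "$demo_file"
rm -f "$demo_file"
```

Service accounts such as `ftp` or `mysql` in the sample have no login shell and are normally left in place; the entries worth reviewing are the login-capable ones and any extra UID 0 name.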