If I have a vps hosting with linux, what should I do to be sure it has platform security ?
I install a server (let's say tomcat), a database server (mysql) and then I deploy my application. Should I be concerned about some security issues ? I am talking about the platform security, not my software application
Thank you
You should apply the same security policy as for a physical server. Configure tomcat and mysql to listen on 127.0.0.1 only or use a firewall to allow only certain IPs to access these services directly. Keep the server and all services updated. Disable ssh password based authentication and use only key based authentication. Disable remote authentication for root user. Save the logs on a different machine. If possible use an IDS in front of your web server.
At the least, you'll want to secure SSH and lock down all other services/ports that you don't need, and keep your system up to date.
slicehost has a nice intro to basic setup for various distros: http://articles.slicehost.com/2008/1/30/centos-setup-page-1
with htaccess? remember to set noindex for your site.
for any web exposed ssh server use certificates.
Those are some of the basic things.