I have a server that I want to use as a FTP backup for a database that will be uploaded every night. Also, the server is going to be used in my office as a test machine for my web development guys to test new things they are coding with PHP. The server has already been installed with Debian 5.0 (Lenny), ProftpD, Apache 2, MySql, PHP5 and PHPMyAdmin. The installation has the basic configurations setup with no tweaks at all. The only thing I configured was ProftpD with virtual users. I just wanted to know what steps can I take to secure this server? It's not going to be a production server for now, but once the web dev guys are done testing their code, I'll have to either reformat this or migrate this server to a production one, which will be placed online. Currently, it's behind a firewall already and only the ftp and ssh ports are open. I might as well learn how to secure it now, so when it does go into production, I'll already know what type of tweaks and changes that need to be done. I know that I should check the logs frequently but what else can I do to make sure this is as secure as possible? What tools and specific configurations can I do? Any help would be appreciated.