VERY LARGE QUESTION there franklin, let's take a stab at it.
1) IPTables on your machine will be a hugely useful effort to ensure that you or someone doesn't "accidentally" open a port/service that you didn't intend to be accessible via the internet. I often recommend a couple of easily config'd scripts to help with this task
2) Shutdown every service you don't need and tell xinetd to piss off or otherwise don't answer requests for other ports. 'chkconfig --list' on RedHat boxen is an easy way to figure out what services will be started. This also sublists the daemons that xinetd will answer on behalf of - very important!
3) Update, patch, secure, stay current. I don't know if you built from source or .RPM, but DO NOT FALL BEHIND in patches. Since you are running Apache, I MUST encourage you to stay up on openssl, openssh, perl, apache, php, mod_ssl, and other modules that you need. Only a few weeks ago there was a flurry of activity related to a rootable vuln in the openssl libs.
4) Use the security services that you can enable. Use 'tripwire' to catalog the binaries on the machine to notice if they get changed. Use an IDS such as 'snort' to detect when you are under attack. Use off-machine logging to ensure that your logs cannot be tampered with if you do get hacked.
Remember the first rule of every firewall is "deny all". Start there and you'll be much safer.
Good luck.
"Surfinbox Shares" - A fundraising program that builds revenue from dialup Internet users.
