A security audit from scratch is potentially a big task. Ideally you would have a high level security policy which would feed into one or more technical documents covering security standards for Linux, Apache, networks etc. You would then audit against these standards, checking that everything was implemented correctly.
From your question, I'm assuming you haven't got any of these and you're in a position where you have to come up with a list of good things to audit against. For this purpose, I suggest you take a look at the security links provided near the top of the forum.