LinuxQuestions.org
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Old 11-20-2013, 01:12 AM   #1
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Rep: Reputation: Disabled
web server improvement


We have just set up a web server (Red Hat 6, Apache 2.0, PHP, MySQL). All are standard settings, but there is no need to do HA, and backup & restore is solved.

I am just thinking: is there any improvement that I can make so it runs better in terms of security, performance, reliability, etc.? E.g., is there any package that I can install to monitor the security? What security issues do I need to be concerned about? Is there a script that I should develop to monitor the performance, etc.?

I am new to web server deployment. Could you advise what admin tasks I should do for a web server?

No need to provide the detailed steps to do it; I would just like to know what I should do.

Many thanks
 
Old 11-20-2013, 02:10 AM   #2
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 735

Rep: Reputation: 154Reputation: 154
Check out the manuals from Red Hat. They are pretty good.

Get your SELinux set up nicely and then tweak your httpd.conf; the Apache manuals are pretty good there.

Search for some Apache hardening resources as well.
 
Old 11-20-2013, 04:08 AM   #3
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ericson007
Check out the manuals from Red Hat. They are pretty good.

Get your SELinux set up nicely and then tweak your httpd.conf; the Apache manuals are pretty good there.

Search for some Apache hardening resources as well.

Except this, what do I need to do on the Red Hat server side? Thanks.
 
Old 11-20-2013, 05:35 AM   #4
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 735

Rep: Reputation: 154Reputation: 154
Well, after that, you set up iptables as strict as you can, maybe install something like tripwire or ossec, add an external firewall, and monitor your audit, secure and webserver logs like crazy.

I don't believe in all the security by obscurity stuff. But I do believe in keeping things as standard to the base operating system as possible, with only the packages you need installed and always updated, but most importantly monitor the logs.

Many hacked servers are hacked mostly because of old software and not monitoring logs to detect and remedy early enough.

If you want to go further, get some application firewall going like mod_security and external monitoring with something like snort.

Honestly though, so far in 1 year of my server being hooked up, snort goes crazy with many alerts, but most of those are false because the firewall drops the packets anyway. Then on the server side, 100% of problems or hack attempts so far have been people running scripts like wootwoot and zmeu and the odd few trying to connect as a proxy.

I have now got zmeu and wootwoot totally blocked via iptables and only so often still see the proxy attempts. Since I don't have the server configured as a proxy, I ignore those most of the time.

But every day I check my logs to see what people try doing. Log monitoring is the hardest and unfortunately the most boring part of sysadmin work, but the most important.

Other than that, HTML content should have strict permissions. So don't set directory and file permissions to 777. I set user and group to root and read permission only to apache unless strictly required otherwise. In that case I leave the owner as root and allow access via ACL using setfacl etc. Load your temp directory on a separate partition and set it to noexec in fstab.

As you can see, there is tons of stuff, but lots of it is not directly related to your question; hence, for the other general sysadmin stuff, do read the Red Hat manuals. They really cover about 80% of what you need.

Last edited by ericson007; 11-20-2013 at 05:51 AM.
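
The daily log check described in post #4, as an added example that is not part of the thread: a shell script that tallies scanner and proxy probes per source IP from an Apache access log. It assumes the "combined" log format, and it assumes that "zmeu" shows up as a `ZmEu` User-Agent and "wootwoot" as a `w00tw00t` request path; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tally scanner and proxy probes per IP.

# Constructed sample lines in Apache "combined" format (documentation IP ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [20/Nov/2013:05:01:02 -0500] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 298 "-" "ZmEu"
192.0.2.10 - - [20/Nov/2013:05:01:03 -0500] "GET /pma/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
198.51.100.7 - - [20/Nov/2013:05:07:44 -0500] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
203.0.113.5 - - [20/Nov/2013:05:09:10 -0500] "CONNECT mail.example.com:25 HTTP/1.0" 405 233 "-" "-"
203.0.113.5 - - [20/Nov/2013:05:09:12 -0500] "GET http://www.example.com/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.99 - - [20/Nov/2013:05:10:00 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

# classify_log FILE: print "COUNT IP CATEGORY" lines, highest count first.
classify_log() {
    awk '
    {
        # Splitting on double quotes: q[2] = request line, q[6] = User-Agent.
        n = split($0, q, "\"")
        req = q[2]; ua = (n >= 6) ? q[6] : ""; kind = ""
        if (ua ~ /ZmEu/)            kind = "zmeu"       # assumed signature
        else if (req ~ /w00tw00t/)  kind = "w00tw00t"   # assumed signature
        # Proxy attempts: CONNECT method, or a request with an absolute URL.
        else if (req ~ /^CONNECT / || req ~ /^[A-Z]+ https?:/) kind = "proxy"
        if (kind != "") hits[$1 " " kind]++
    }
    END { for (k in hits) print hits[k], k }' "$1" | sort -k1,1nr -k2,2
}

# block_candidates FILE MIN: source IPs with at least MIN hits in one category,
# i.e. a review list before adding iptables DROP rules by hand.
block_candidates() {
    classify_log "$1" | awk -v min="$2" '$1 >= min { print $2 }' | sort -u
}

# Demo run on the constructed sample.
demo=$(mktemp)
sample_log > "$demo"
classify_log "$demo"
rm -f "$demo"
```

On a real server, pass the access log path (for example the file named by `CustomLog` in httpd.conf) to `classify_log` instead of the sample.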
 
  

