As well as considering the physical server and it's operating system users must thinking in terms of application security. Especially for those applications which either contain sensitive data or those that provide access routes to the machine for an attacker.
Below is a set of guides for Apache webserver hardening.
A key approach discussed elsewhere in protecting data, both at rest - on disk - and in use - in memory, is to encrypt these data stores either as part of full disk encryption or as individual restricted encrypted mount points.
Below are further guides for specific hardening techniques for the MySQL database system.