Gentoo to host forum software

[Qwantus]

I have played with Gentoo on and off for about two years as a workstation, but now I have been requested to build a server to run forums. I have complete control of what OS to use, but knowing all the security problems Microsoft has, I was thinking Gentoo would be a more secure OS.

My questions are...

1) With my limited knowledge of Gentoo, am I biting off more then I can chew? This server will be visable to everyone on the Internet, so I will need to secure it as much as possible but still allow my members to have access.

2) I am thinking of using PHPBB as my forum package with MySql. What pitfalls should I be concerned with and what suggestions would you make to secure the data of these two packages?

Thankx in advance.

[Catch-22]

if you're really really concerned about security you can check out Gentoo Hardened. I've never used it so I won't say any more about that.

If it's 'exposed' to the outside world there's obviously going to be a lot of people trying to penetrate it. There are a lot of bots that trawl google looking for insecure versions of bulletin board programs by their version numbers. You need to make sure you're always up to date with security announcements not just for phpbb but for php, apache, etc.Joining mailing lists like GLSA, etc. will help you out there. Also, given the number of people who managed to get caught up in the apache config move (or whatever you want to call it), it would be very handy to have a test box to check updates on *before* moving them to your live box. If it is spec'ed exactly (or at least similarly) the same as your production box you can have the test box compile the packages for the dev box so you don't need to worry about CPU load during emerges.

HTH