Hi/Morning.

This is a continuation of my looking to nail down what should be
Monitored/Scanned to secure a Fed server/VM.

I've looked over a number of Monitor apps (Solarwinds/Nagios/Zabbix/etc).
Can't really find a good list of the things that should be monitored, so
I've compiled the following list.

I'm thinking the monitoring/scanning process needs to check for,
or handle the following:
- user attempts to access a system/ssh interaction - logins/access
- there's a DDoS on one of the VM/webapps
- rootkit/file issue
- possible intrusion attempts
  - for ports
  - for log files
  - for user accounts
- files/dirs - perms/user owner
- log files
- system/services -- required services running... invalid services disabled
- cron
- dirs/files/filesystem
- website
- db
- config file issues
- rootkit issues
- malware issues
- vulnerability issues -- vuls.io
- selinux
- partitions for the drive
- firewall

- mysqld
- httpd
- nfs
- sshd

- php valid
- python valid
- package scan
- pip scan
- pecl scan
- should the libs be scanned?
- how to scan/check for/alert on invalid apps running?

- config files -- valid/invalid

Feel free to add or comment on anything I've listed.

Once I narrow down the list, I'll figure out which tool/dashboard to use
for the Monitoring/Scanning. I might have to also have a separate Dashboard
(ELK?) to handle the log analysis/display.

Thanks
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
