Hi/Morning. This is a continuation of my looking to nail down what should be Monitored/Scanned to secure a Fed server/VM.
I've looked over a number of Monitor apps (Solarwinds/Nagios/Zabbix/etc). Can't really find a good list of the things that should be monitored, so I've compiled the following list. I'm thinking the monitoring/scanning process needs to check for, or handle the following: -user attempts to access a system/ssh interaction/- logins/access there's a ddos on one of the VM/webapps rootkit/file issue possible intrusion attempts -for ports -for log files -for user accounts files/dirs -perms/user owner log files system/services -- required services running... invalid services disabled cron dirs/files/filesystem website db config file issues rootkit issues malware issues vulnerability issues -- vuls.io selinux partitions for the drive firewall mysqld httpd nfs sshd -php valid -python valid -package scan -pip scan -pecl scan -should the libs be scanned? -how to scan/check for/alert on invalid apps running? config files -- valid/invalid Feel free to add or comment on anything I've listed. Once I narrow down the list, I'll figure out which tool/dashboard to use for the Monitoring/Scanning. I might have to also have a separate Dashboard (ELK?) to handle the log analysis/display. Thanks
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org