Re: system monitoring/security - possibly off topic

Hey Ed.

Thanks for the reply.

Regarding the security/monitoring issue.

Here's my use case:

I'm looking to have multiple servers.
Servers would be running different apps for different purposes.
All Servers running Fed
-DB Server -mysql/mariadb
-Server running webapps/httpd
-Servers running compute operations

All servers configured to run ssh - sshd_config properly configured to limit access
All servers configured to run with minimal ports turned on
All servers with selinux

My goal would be to have a monitoring/security server/webapp
 that allows a user to quickly "see" if there's an issue
 with any of the servers/processes

I think it makes sense to check/monitor/be alerted if:

-there's a user attempt to access
-there's a ddos on one of the webapps
-there's a root/file issue
-there's a port access issue
-possible intrusion attempts
-weird services used
-any others???


possible software/apps to be installed for security
--rkhunter
--fail2ban
--selinux
--clamav -- although not sure the project would need a mail server/platform
--logMonitoring app (which one)
--app to check file/dir/user settings (which one)
--scanning app/service (which one)
 ---for ports
 ---for services
 ---for log files
 ---for user accounts
 

I think it makes sense to try to define, or get my head around, the things that should be checked out or monitored. Once I get these things nailed down, I can figure out the "best" process to be able to monitor the items, as well as display them in some sort of dashboard.


I've looked over a number of different sites for rhel/ubuntu/fedora/etc..
Most of the sites discuss hardening ssh, as well as looking over the services/ports, and managing the users/files/dirs.

I'm thinking the things to check for:

Users/User Accounts
logins/access
ports
services/processes
files/dirs -perms/user owner
log files
Any other things that should be checked/examined/considered?????

Once I can get a good list of high level things to check for/secure, I can figure out the tools to use, as well as how to roll all of this up to some sort of dashboard.

So my thought process will be:
1) Identify the high level things to check for/secure/monitor for the given Server Type
2) Identify the tools to run the scans for the Server Type
3) Figure out how to roll the results for each server to a "central monitoring/dashboard process"

Does this make sense?

Thoughts/comments welcome

On Tue, Apr 21, 2020 at 9:49 AM Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote:
On 2020-04-21 21:33, bruce wrote:
> Not willing to step on toes. Is asking for opinions on tools to do system/security monitoring off topic? Been doing research, thought I'd ask here as well - if it's acceptable?

Not off topic at all.

Fedora supplies tools used in the area.  So, all you would need do is to outline your goals, what you've learned
in your research, and how you'd like to get help from the community.

--
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx