Re: system monitoring/security - possibly off topic

On Tue, Apr 21, 2020 at 12:23 PM bruce <badouglas@xxxxxxxxx> wrote:
>
> Hey Ed.
>
> Thanks for the reply.
>
> Regarding the security/monitoring issue.
>
> Here's my use case:
>
> I'm looking to have multiple servers.
> Servers would be running different apps for different purposes.
> All Servers running Fed
> -DB Server -mysql/mariadb
> -Server running webapps/httpd
> -Servers running compute operations
>
> All servers configured to run ssh - sshd_config properly configured to limit access
> All servers configured to run with minimal ports turned on
> All servers with selinux
>
> My goal would be to have a monitoring/security server/webapp
>  that allows a user to quickly "see" if there's an issue
>  with any of the servers/processes
>
> I think it makes sense to check/monitor/be alerted if:
>
> -there's a user attempt to access
> -there's a ddos on one of the webapps
> -there's a root/file issue
> -there's a port access issue
> -possible intrusion attempts
> -weird services used
> -any others???
>
>
> possible software/apps to be installed for security
> --rkhunter
> --fail2ban
> --selinux
> --clamav -- although not sure the project would need a mail server/platform
> --logMonitoring app (which one)
> --app to check file/dir/user settings (which one)
> --scanning app/service (which one)
>  ---for ports
>  ---for services
>  ---for log files
>  ---for user accounts
>
>
> I think it makes sense to try to define, or get my head around, the things that should be checked out or monitored. Once I get these things nailed down, I can figure out the "best" process to be able to monitor the items, as well as display them in some sort of dashboard.
>
>
> I've looked over a number of different sites for rhel/ubuntu/fedora/etc..
> Most of the sites discuss hardening ssh, as well as looking over the services/ports, and managing the users/files/dirs.
>
> I'm thinking the things to check for:
>
> Users/User Accounts
> logins/access
> ports
> services/processes
> files/dirs -perms/user owner
> log files
> Any other things that should be checked/examined/considered?
>
> Once I can get a good list of high level things to check for/secure, I can figure out the tools to use, as well as how to roll all of this up to some sort of dashboard.
>
> So my thought process will be:
> 1) Identify the high level things to check for/secure/monitor for the given Server Type
> 2) Identify the tools to run the scans for the Server Type
> 3) Figure out how to roll the results for each server to a "central monitoring/dashboard process"
>
> Does this make sense?
>
> Thoughts/comments welcome
>
zeek? Security Onion?
>
> On Tue, Apr 21, 2020 at 9:49 AM Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote:
>>
>> On 2020-04-21 21:33, bruce wrote:
>> > Not willing to step on toes. Is asking for opinions on tools to do system/security monitoring off topic? Been doing research, thought I'd ask here as well - if it's acceptable?
>>
>> Not off topic at all.
>>
>> Fedora supplies tools used in the area.  So, all you would need to do is to outline your goals, what you've learned
>> in your research, and how you'd like to get help from the community.
>>
>> --
>> The key to getting good answers is to ask good questions.
>> _______________________________________________
>> users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
>> To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
>
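An added example, not code posted by anyone in this thread, sketching step 3 of the plan quoted above: a small per-host collector that runs a few of the checks bruce lists (failed logins, listening ports against a per-server-type allowlist) and emits one JSON record a central dashboard can ingest. The sshd log lines and the `ss -ltn` output are constructed inline so the script runs offline; the hostname, server type and port allowlist are assumptions, and on a real Fedora host the same functions would be fed `journalctl -u sshd` and `ss -ltn` output instead.

```python
"""Minimal host-check collector for a central monitoring dashboard.

Added example, not from the mailing list. Inputs are constructed so it
runs offline; feed it real `journalctl -u sshd` / `ss -ltn` output on a host.
"""
import json
import re
from collections import Counter

# Constructed sshd log lines in the format sshd writes to syslog/journal.
SAMPLE_SSHD_LOG = """\
Apr 21 12:01:03 db1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Apr 21 12:01:05 db1 sshd[1203]: Failed password for root from 203.0.113.7 port 50124 ssh2
Apr 21 12:01:09 db1 sshd[1205]: Failed password for root from 203.0.113.7 port 50130 ssh2
Apr 21 12:02:11 db1 sshd[1210]: Accepted publickey for bruce from 192.0.2.10 port 41022 ssh2: ED25519 SHA256:xxxx
Apr 21 12:03:40 db1 sshd[1215]: Failed password for invalid user test from 198.51.100.9 port 33001 ssh2
"""

# Constructed `ss -ltn` style output: header line, then one listening socket per line.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     0.0.0.0:4444        0.0.0.0:*
"""

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port")


def failed_logins_by_source(log_text, threshold=3):
    """Count failed sshd password attempts per source address and flag
    sources at or above `threshold` (the same signal fail2ban acts on)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    flagged = sorted(src for src, n in counts.items() if n >= threshold)
    return dict(counts), flagged


def accepted_logins(log_text):
    """Return (auth method, user, source) for each successful login, so a
    dashboard can show who got in and how (key vs. password)."""
    return [m.groups() for m in map(ACCEPTED_RE.search, log_text.splitlines()) if m]


def listening_ports(ss_text):
    """Parse `ss -ltn` output into (bind_address, port) tuples, skipping the header."""
    ports = []
    for line in ss_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # rpartition keeps IPv6 "[::]" intact
        ports.append((addr, int(port)))
    return ports


def unexpected_ports(ss_text, allowlist):
    """Listening sockets whose port is not in the per-server-type allowlist.
    Loopback-only binds are treated as expected because they are not
    reachable from the network (an assumption to revisit on shared hosts)."""
    return [(a, p) for a, p in listening_ports(ss_text)
            if p not in allowlist and not a.startswith("127.")]


def build_report(hostname, server_type, log_text, ss_text, allowlist):
    """One JSON-serialisable record per host: the unit a central dashboard ingests."""
    counts, flagged = failed_logins_by_source(log_text)
    bad_ports = unexpected_ports(ss_text, allowlist)
    return {
        "host": hostname,
        "type": server_type,
        "failed_logins": counts,
        "brute_force_sources": flagged,
        "accepted_logins": accepted_logins(log_text),
        "unexpected_ports": bad_ports,
        "alert": bool(flagged or bad_ports),
    }


if __name__ == "__main__":
    # Assumed policy: a DB server exposes only ssh; MariaDB on loopback is fine.
    report = build_report("db1", "db", SAMPLE_SSHD_LOG, SAMPLE_SS_OUTPUT, allowlist={22})
    print(json.dumps(report, indent=2))
```

Each server type gets its own allowlist (22 and 443 for the httpd hosts, for instance), and the JSON record is what gets shipped to the central process; the thresholds and port policy are the "high level things to check for" from step 1, expressed as data rather than buried in the checker.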