Hey Ed. Thanks for the reply.
Regarding the security/monitoring issue. Here's my use case:

I'm looking to have multiple servers. Servers would be running different apps for different purposes.

All Servers running Fed
-DB Server
  -mysql/mariadb
-Server running webapps/httpd
-Servers running compute operations

All servers configured to run ssh - sshd_config properly configured to limit access
All servers configured to run with minimal ports turned on
All servers with selinux

My goal would be to have a monitoring/security server/webapp that allows a user to quickly "see" if there's an issue with any of the servers/processes.

I think it makes sense to check/monitor/be alerted if:
-there's a user attempt to access
-there's a ddos on one of the webapps
-there's a root/file issue
-there's a port access issue
-possible intrusion attempts
-weird services used
-any others???

possible software/apps to be installed for security
--rkhunter
--fail2ban
--selinux
--clamav -- although not sure the project would need a mail server/platform
--logMonitoring app (which one)
--app to check file/dir/user settings (which one)
--scanning app/service (which one)
---for ports
---for services
---for log files
---for user accounts

I think it makes sense to try to define, or get my head around the things that should be checked out or monitored. Once I get these things nailed down, I can figure out the "best" process to be able to monitor the items, as well as display them in some sort of dashboard.

I've looked over a number of different sites for rhel/ubuntu/fedora/etc.. Most of the sites discuss hardening ssh, as well as looking over the services/ports, and managing the users/files/dirs.

I'm thinking the things to check for::
Users/User Accounts
logins/access
ports
services/processes
files/dirs
 -perms/user owner
log files

Any other things that should be checked/examined/considered?????
Once I can get a good list of high level things to check for/secure, I can figure out the tools to use, as well as how to roll all of this up to some sort of dashboard.

So my thought process will be:
1) Identify the high level things to check for/secure/monitor for the given Server Type
2) Identify the tools to run the scans for the Server Type
3) Figure out how to roll the results for each server to a "central monitoring/dashboard process"

Does this make sense?

Thoughts/comments welcome

On Tue, Apr 21, 2020 at 9:49 AM Ed Greshko <ed.gres...@greshko.com> wrote:

> On 2020-04-21 21:33, bruce wrote:
> > Not willing to step on toes. Is asking for opinions on tools to do
> > system/security monitoring off topic? Been doing research, thought I'd ask
> > here as well - if it's acceptable?
>
> Not off topic at all.
>
> Fedora supplies tools used in the area. So, all you would need do is to
> outline your goals, what you've learned
> in your research, and how you'd like to get help from the community.
>
> --
> The key to getting good answers is to ask good questions.
> _______________________________________________
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
>