On Tue, Apr 21, 2020 at 12:23 PM bruce <badoug...@gmail.com> wrote:
>
> Hey Ed.
>
> Thanks for the reply.
>
> Regarding the security/monitoring issue.
>
> Here's my use case:
>
> I'm looking to have multiple servers.
> Servers would be running different apps for different purposes.
> All Servers running Fed
> -DB Server -mysql/mariadb
> -Server running webapps/httpd
> -Servers running compute operations
>
> All servers configured to run ssh - sshd_config properly configured to limit 
> access
> All servers configured to run with minimal ports turned on
> All servers with selinux
>
> My goal would be to have a monitoring/security server/webapp
>  that allows a user to quickly "see" if there's an issue
>  with any of the servers/processes
>
> I think it makes sense to check/monitor/be alerted if:
>
> -there's a user attempt to access
> -there's a ddos on one of the webapps
> -there's a root/file issue
> -there's a port access issue
> -possible intrusion attempts
> -weird services used
> -any others???
>
>
> possible software/apps to be installed for security
> --rkhunter
> --fail2ban
> --selinux
> --clamav -- although not sure the project would need a mail server/platform
> --logMonitoring app (which one)
> --app to check file/dir/user settings (which one)
> --scanning app/service (which one)
>  ---for ports
>  ---for services
>  ---for log files
>  ---for user accounts
>
>
> I think it makes sense to try to define, or get my head around the things 
> that should be checked out or monitored. Once I get these things nailed down, 
> I can figure out the "best" process to be able to monitor the items, as well 
> as display them in some sort of dashboard.
>
>
> I've looked over a number of different sites for rhel/ubuntu/fedora/etc..
> Most of the sites discuss hardening ssh, as well as looking over the 
> services/ports, and managing the users/files/dirs.
>
> I'm thinking the things to check for:
>
> Users/User Accounts
> logins/access
> ports
> services/processes
> files/dirs -perms/user owner
> log files
> Any other things that should be checked/examined/considered?????
>
> Once I can get a good list of high level things to check for/secure, I can 
> figure out the tools to use, as well as how to roll all of this up to some 
> sort of dashboard.
>
> So my thought process will be:
> 1) Identify the high level things to check for/secure/monitor for the given 
> Server Type
> 2) Identify the tools to run the scans for the Server Type
> 3) Figure out how to roll the results for each server to a "central 
> monitoring/dashboard process"
>
> Does this make sense?
>
> Thoughts/comments welcome
>
Zeek? Security Onion?
>
> On Tue, Apr 21, 2020 at 9:49 AM Ed Greshko <ed.gres...@greshko.com> wrote:
>>
>> On 2020-04-21 21:33, bruce wrote:
>> > Not willing to step on toes. Is asking for opinions on tools to do 
>> > system/security monitoring off topic? Been doing research, thought I'd ask 
>> > here as well - if it's acceptable?
>>
>> Not off topic at all.
>>
>> Fedora supplies tools used in the area.  So, all you would need do is to 
>> outline your goals, what you've learned
>> in your research, and how you'd like to get help from the community.
>>
>> --
>> The key to getting good answers is to ask good questions.
>> _______________________________________________
>> users mailing list -- users@lists.fedoraproject.org
>> To unsubscribe send an email to users-le...@lists.fedoraproject.org
>> Fedora Code of Conduct: 
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: 
>> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
>

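An added example, not part of the original thread: a minimal per-host check covering three items from the list in the quoted message (user accounts, listening ports, file permissions) that produces one record a central dashboard could ingest. The function names, the port allow-list, the host name and the sample inputs are all assumptions constructed for illustration; on a real host the inputs would come from `/etc/passwd`, `ss -tln` and `os.stat`.

```python
import json
import stat

# Constructed sample inputs (not taken from a real host).
PASSWD = """root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin
toor:x:0:0::/root:/bin/bash
"""
SS_TLN = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    [::]:8081          [::]:*
"""
FILE_MODES = {"/etc/shadow": 0o000, "/etc/ssh/sshd_config": 0o666}

def extra_uid0_accounts(passwd_text):
    """Return accounts other than root that have UID 0."""
    out = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            out.append(fields[0])
    return out

def unexpected_ports(ss_text, allowed):
    """Return listening TCP ports (from `ss -tln` output) not in the allow-list."""
    ports = set()
    for line in ss_text.splitlines():
        cols = line.split()
        if cols and cols[0] == "LISTEN":
            # Local address is the 4th column; the port follows the last colon.
            ports.add(int(cols[3].rsplit(":", 1)[1]))
    return sorted(ports - set(allowed))

def world_writable(modes):
    """Return paths whose mode grants write permission to 'other'."""
    return sorted(p for p, m in modes.items() if m & stat.S_IWOTH)

def host_report(host, role, allowed_ports):
    """Roll the per-host findings into one record for a central collector."""
    findings = {
        "extra_uid0_accounts": extra_uid0_accounts(PASSWD),
        "unexpected_ports": unexpected_ports(SS_TLN, allowed_ports),
        "world_writable": world_writable(FILE_MODES),
    }
    status = "alert" if any(findings.values()) else "ok"
    return {"host": host, "role": role, "status": status, "findings": findings}

if __name__ == "__main__":
    print(json.dumps(host_report("db1.example", "db", [22, 3306]), indent=2))
```

The allow-list is per server role, so the same checks can be reused for the DB, web and compute hosts with different expected ports.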