All Questions
Tagged with monitoring security
47
questions
-1
votes
3
answers
222
views
Monitor web server directories for changed / new files
TL;DR: Is there an easy way to monitor directories for new/changed/deleted files?
Details: A simple WordPress website on a virtual server got hacked. Nothing too serious. No important project / data ...
1
vote
0
answers
132
views
aws guardduty some alerts won't notify on slack
I have recently set up AWS GuardDuty with Slack notification using this guide right https://medium.com/@damitj07/how-to-create-a-slack-alert-for-guardduty-49d542927529, there were a few issues with the ...
0
votes
1
answer
115
views
Ansible security best practices for monitoring
I have several servers at home. I would like to have one computer that will monitor activity on those and notify me if something is wrong. For that reason I installed Ansible there. In order to have ...
1
vote
1
answer
126
views
How to monitor a secure lab's machine and product's log files from my organization laptop?
I'm trying to find a solution that will help me to monitor the product's machines and log files in each one of them. Here are some facts about my working environment:
I have a product that's installed ...
0
votes
1
answer
110
views
Is there any tool or service for checking your server's version and detect vulnerabilities and patches? [closed]
I am looking for a tool or something like a server/control panel that can list all the infrastructure I am using and its version (i.e. Redis Server version 6.4.x). It would be useful in order to get a ...
0
votes
0
answers
39
views
Is it possible to ensure detection and logging of all attempts to copy data out of a system?
Say I have a server set-up for processing sensitive data. The few authorised users of the system are instructed not to copy any of the sensitive data out of the platform, but could in principle do so ...
-1
votes
1
answer
31
views
Securing System Monitoring wall display PCs
I have several windows machines which drive dashboards on wall mounted displays for system and network monitoring. I would like to be able to secure them from unauthorized access or modification. ...
0
votes
1
answer
102
views
Enforcing monitoring on AWS resources
We have a couple huge AWS accounts and I've been tasked with implementing guidelines for monitoring resources and ensuring that monitoring is set up for all existing and future resources.
Is there ...
1
vote
3
answers
7k
views
Someone just trying to hack me? login.cgi+wget
I'm building a new server on Apache, actually I am learning, so I'm trying different things. My security system is already done, but of course I may miss something, or, if not, I do understand that today ...
0
votes
1
answer
354
views
Azure Security Center - Would the Monitoring Agent work on AWS and GCP VMs
I'm looking at Azure Security Center. I know it can be used to monitor not just VMs on Azure, but also VMs outside of Azure using an installable Monitoring Agent.
My question is whether this agent ...
0
votes
0
answers
1k
views
OSSEC - Not seeing alerts on the Server from file changes on the Agent
I have an OSSEC server and Agent installed and configured. I have imported the key to the Agent and they appear to be communicating. However, I am trying to test the file integrity monitoring feature and ...
0
votes
1
answer
40
views
Fetch changelogs for multiple Linux distros?
I'm trying to build a service that can take a distro, package, and a version number, and use that information to check if there's an active CVE out for that tuple.
after some searching, I've found ...
0
votes
0
answers
78
views
How to securely gather multiple servers data for monitoring
I got an 'admin' server where all admin GUI can be accessed.
I also have 2 other servers, 1 web and 1 db. As I expand for a nodejs server/api, I was wondering how could I transfer servers information ...
0
votes
1
answer
49
views
Monitoring stats published on our site, should we?
So this could also fit @InformationSecurity as some concerns are related to security. We are building the website for our gameserver hosting project and we would like to be as transparent as possible ...
0
votes
1
answer
123
views
How do I monitor for security updates for an uninstalled Debian package
I'm looking after a server which has a customised package, based on a patch against an upstream debian package from a different version of debian to what the server actually runs. I want to make sure ...
0
votes
1
answer
321
views
Security Test and Monitoring for AWS EC2 running SFTP using OpenSSH? [closed]
I have an EC2 Instance that is running SFTP via OpenSSH on Amazon Linux (CentOS). I'd like to run some tests to check for vulnerabilities that I'm not aware of, and I'd like to run monitoring software ...
-1
votes
1
answer
3k
views
How do I execute monit commands from a shell script without root access?
I've installed and configured monit on a Debian server and opened the http service to localhost and gave rw permissions to the group "monit". I created this group and added myself to this group.
The ...
1
vote
1
answer
1k
views
Monit sshd binary Checksum Check and Restart
I'm going over a monit config file and something doesn't seem right. I'm using monit to monitor the checksum of the sshd binary; if it's different from what's expected it should reload a known binary. ...
-2
votes
3
answers
2k
views
Is there a GUI tool to log and view outgoing CURL requests from a Linux server? [duplicate]
I've seen several similar questions - but none that truly answer the question. So here goes:
PROBLEM:
A script is being run on one of our servers that is making outgoing post (and other) requests ...
1
vote
1
answer
69
views
Is there a tool for Windows 7 that can find which program is modifying a particular file [duplicate]
My system is infected by a malware that keeps modifying a particular configuration file. Is there a way/tool to find out which program is making changes to a particular file?
I am simply looking for a ...
0
votes
1
answer
422
views
Centralised log monitoring for linux servers [closed]
I've read several QA on this site about monitoring servers, but I found out, that none of them centralises all the logs I want to watch.
To describe my situation:
10 linux hosts
Using logwatch to ...
-1
votes
1
answer
370
views
Alerting on threshold crossing?
We are using logstash + elasticsearch + Kibana to parse, store and view our logs respectively.
Now, we want a notification/alert when a threshold for a particular log or threshold for a particular ...
0
votes
2
answers
105
views
Making sure that iptables is running
Is there a tool for monitoring that iptables (or shorewall or similar) is up and running with a core set of important rules? I need something which alerts me either if the firewall goes down ...
2
votes
1
answer
744
views
Remote disk monitoring with WMI without admin rights
I am setting up a restricted WMI group that should be able to read WMI information from my remote hosts.
I have the group set up as member of the remote DCOM and performance monitor groups. I also ...
1
vote
3
answers
2k
views
Apache httpd server 'is it possible': Alert on specific condition in access/error log
I'm just wondering, is there some module which can detect a certain event in the access/error log and, if it matches, send an email with information.
example:
I want to detect when someone makes ...
5
votes
4
answers
142
views
Monitor someone on server
I'm in the unfortunate position of having to give someone who I do not fully trust privileged access to a webserver to finish work that they never completed.
They will access the server remotely (ie I ...
3
votes
1
answer
236
views
What is the best way to determine server resources each remote user is using
I manage some Win2008R2 servers on the network for my department. Each server usually has 10 - 20 users at a time connected to it. They are nothing more than locked down file servers on the domain.
...
1
vote
2
answers
2k
views
What are the important log files to monitor for security purposes on a web server?
I have looked at many logs and it seems that some of them are more relevant for monitoring purposes against hackers. The ones I found are:
-auth.log
-mail.log: if I'm running a mail server, will this ...
0
votes
1
answer
1k
views
What is wrong with my Watcher (incron-like) daemon?
I have installed Watcher this way: both watcher.py and watcher.ini are located in /etc
I also installed pyinotify and it does work when I use python -m pyinotify -v /var/www
However, I want to use ...
0
votes
1
answer
382
views
Is there a ready-made inotify program to monitor changes on a directory?
I am trying to understand how inotify works and it seems that you need to program stuff in C for it to work.
Since I don't know C, I was wondering if there is a program or script already made to ...
-3
votes
1
answer
255
views
what are the must have applications for an intermediate devop? [closed]
Over the past year my responsibilities have grown from managing 5 servers to 20+. Most all of these are either on EC2 or Linode and they all serve different purposes. Some are on CentOS and others on ...
0
votes
4
answers
791
views
How to determine the cause of high resource usage for two hours last week?
I know there are several tools I can use to find out what's causing heavy network and CPU usage right now, but every so often on my server I'll check the logs and notice that there were periods of ...
5
votes
1
answer
330
views
Exchange security monitoring tools [closed]
I am trying to identify tools that can perform security monitoring of Exchange. Ideally, the tools should be able to pick up things like:
permission changes for high risk mailboxes
multiple ...
0
votes
1
answer
524
views
How can I monitor the network on ESXi node for connections and find the source of a ddos attack
I'm looking for something fairly simple to install, that will monitor network traffic on the vswitch for my esxi node as we're getting ddosed and I need to be able to easily see where the traffic is ...
1
vote
2
answers
3k
views
SNMP vs WMI security
Windows 2008 and 2003 servers. Would like to monitor server health remotely over internet. The monitoring computer may change IP (non-static IP). Trying to decide SNMP or WMI. SNMP seems to only allow ...
0
votes
1
answer
425
views
outgoing DNS flood targeted to non-ISP hosts
Below is the specific traffic monitored at the network perimeter and originating from a user PC on Vista platform.
My question is not about the effects of the flood, but about the nature of the ...
2
votes
4
answers
355
views
What are the "must" security tools for small organizations?
One of my friends has started a company; it's a small-scale company that has 40 workers. There are two guys also responsible for the security and IT related issues. He is managing the LAN, Webpage of ...
7
votes
6
answers
6k
views
Monitor the shell activity of a user on your Unix system?
Trust, but verify.
Let's say I want to hire someone as a sysadmin, and give them root access to my Unix system.
I want to disable X windows for them, only allow shell usage (through SSH, maybe), so that ...
2
votes
1
answer
1k
views
How do you avoid/detect DNS hijacking? (aka latest twitter hack)
It is all over the news today that Twitter was hacked by a DNS redirection/hijacking.
My question is, what tools or techniques do you guys use to monitor your DNS/whois and detect this kind of ...
1
vote
5
answers
221
views
Network Monitoring and Filtering [closed]
As the IT administrator for my company I have been tasked with deciding what traffic to filter, shape, and otherwise monitor on our network. What protocols, applications, and other network traffic do ...
0
votes
3
answers
131
views
Monitor communication to outside the network
I work at a place where they have access to very sensitive data and think a lot about security. I don't want to ask because they may lie. Is there software to monitor data such as email (pop/imap AND ...
-1
votes
5
answers
184
views
System Access Monitoring Software [closed]
Are there any programs that you would recommend that monitor access to your computer from the network? Windows XP Professional. By "monitor" I mean log system access from the network. What folders and ...
3
votes
5
answers
1k
views
Positive vs. negative monitoring
I've been looking at monitoring for a while. My org didn't have any before I came other than 'where'd my yahoo go'. It appears that most packages out there focus on negative monitoring (ie, this ...
0
votes
1
answer
492
views
Safely Grant Access to SQL 2005 Replication Monitor to Create Snapshots
I have a database that I'm publishing to a remote site using Snapshot replication (only method that will work given the application and database schema). Because the replica ...
24
votes
7
answers
35k
views
Monitor an incoming SSH session in real time
Is there any Linux software to monitor an incoming ssh session? At a previous job I was told that if you ever needed support from Red Hat for example you could have them SSH into your machine and you ...
0
votes
2
answers
373
views
Secure way to monitor and restart services that require password
Sometimes when the power goes out and the UPS dies before it goes back on, some services on our servers don't come back up. Namely some VMware virtual machines.
I was thinking of setting up a ...
5
votes
15
answers
3k
views
How can I be notified if someone is attempting to hack into a Linux server? [closed]
I'd like to be notified via email if our Linux servers are under any kind of hacking attempt or service attack. Is there some kind of all-in-one solution that can monitor for suspicious activity and ...