Securix monitor

Securix GNU/Linux Monitor script mind map

Get Started. It's Free
or sign up with your email address
Rocket clouds
Securix monitor by Mind Map: Securix monitor

1. One time tasks

2. Daily

2.1. Emerge-webrsync (GPG signed)

2.2. GLSA check (security advisories)

2.3. Check system binary consistency

2.4. Check Rkhunter warnings

2.5. Check Securix update

2.6. Check services running state

2.7. Check unsecure process on ports (telnet, ftp, ...)

2.8. Check files permissions

2.9. Find files or directories which have: world writeable permissions, suid or sgid bits, no user or no existing group

2.10. Is there new version of service daemon?

2.11. Services check by checksec.sh

3. Monthly

3.1. gpg check trustdb

4. Weekly

4.1. Check NTP, DNS, mail forwarding,... Servers availability

4.2. Rkhunter

4.3. Install security updates

4.4. rkhunter update

4.5. Compare running and latest emerged kernel version

4.6. Check disk/FS errors

4.7. Checksec.sh

5. Hourly

5.1. Disk space

5.2. Disk inodes

5.3. Syslog running

5.4. Bonding state

5.5. netstat problems (RX-DRP)

5.6. Processes hidden in system

5.7. New users, membership, assigned shell

5.8. Check available entropy for /dev/random

5.9. Firewall rules saved?

5.10. Routing or network setup saved?

5.11. System (cpu, motherboard, etc) temperature

6. Role specific tests