
Commands and files for security.

Posted: 2020/10/08 19:27:20
by hack3rcon
Hello,
Which parts of the system and which log files must be monitored by an administrator?

Code:

secure
lastlog
fail2ban.log
audit.log
messages
access.log
Are they enough?
Which commands are useful?
Why is the "lastlog" file content something like:

Code:

�a^?_pts/3^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@$
?

Thank you.
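As an added example that is not part of the thread: the file in the question looks like that because /var/log/lastlog is not text but an array of fixed-size binary records indexed by UID (glibc's struct lastlog on Linux: a 32-bit login time, a 32-byte tty name and a 256-byte host name, 292 bytes per UID), and every UID that never logged in leaves an all-zero record, hence the long runs of NUL bytes; the lastlog(8) command is the normal way to read it. The parser below decodes such a file from a constructed sample buffer; the record layout is assumed to be the common Linux/glibc one, and the sample timestamp, tty and host are made up.

```python
import struct

# glibc struct lastlog on Linux (x86_64 and i386): int32 ll_time, char ll_line[32],
# char ll_host[256]. Native byte order, no padding: 292 bytes per record.
# Assumed layout; other libcs or architectures may differ.
LASTLOG_FMT = "=i32s256s"
RECORD_SIZE = struct.calcsize(LASTLOG_FMT)  # 292


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded fixed-width C string."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_lastlog(data: bytes):
    """Return (uid, epoch_seconds, tty, host) for every UID with a recorded login.

    The file is indexed by UID: record N describes UID N. UIDs that never logged
    in are all-zero records, which is why `cat` shows runs of ^@ (NUL) bytes.
    A trailing partial record (truncated file) is ignored.
    """
    entries = []
    for uid, off in enumerate(range(0, len(data) - RECORD_SIZE + 1, RECORD_SIZE)):
        ll_time, ll_line, ll_host = struct.unpack_from(LASTLOG_FMT, data, off)
        if ll_time == 0:
            continue  # this UID has never logged in
        entries.append((uid, ll_time, _cstr(ll_line), _cstr(ll_host)))
    return entries


def make_record(ll_time: int = 0, line: bytes = b"", host: bytes = b"") -> bytes:
    """Build one lastlog record; struct.pack NUL-pads the fixed-width strings."""
    return struct.pack(LASTLOG_FMT, ll_time, line, host)


# Constructed sample, not data from a real host: UIDs 0 and 1 never logged in,
# UID 2 logged in on pts/3 from a documentation-range address at 2020-10-08 19:27:20 UTC.
SAMPLE = make_record() + make_record() + make_record(1602185240, b"pts/3", b"198.51.100.7")

if __name__ == "__main__":
    from datetime import datetime, timezone

    for uid, when, tty, host in parse_lastlog(SAMPLE):
        stamp = datetime.fromtimestamp(when, timezone.utc)
        print(f"uid={uid} {stamp:%Y-%m-%d %H:%M:%S} UTC {tty} {host}")
```

Reading the real file is `parse_lastlog(open("/var/log/lastlog", "rb").read())` as root; the UID can then be mapped to a name with the pwd module.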

Re: Commands and files for security.

Posted: 2020/10/09 13:49:45
by BShT
I receive an email for every fail2ban hit and every SSH login.

I have a Nagios alert for every user change on all servers and for every password change on some sensible servers.

On some servers I have maldet, and on others with really sensitive data we control file changes, like size changes, new files, deleted files.

Apache logs we manage with awstat and Google Analytics.

Re: Commands and files for security.

Posted: 2020/10/10 13:55:44
by hack3rcon
BShT wrote:
2020/10/09 13:49:45
I receive an email for every fail2ban hit and every SSH login.

I have a Nagios alert for every user change on all servers and for every password change on some sensible servers.

On some servers I have maldet, and on others with really sensitive data we control file changes, like size changes, new files, deleted files.

Apache logs we manage with awstat and Google Analytics.
How do you monitor size changes, etc.?

Re: Commands and files for security.

Posted: 2020/10/20 19:53:42
by BShT
I don't want to run maldet on a highly requested server farm,

then I rsync some directories and scan them at 2 AM

and mail myself the rsync and maldet output,

so I have a passive malware scan and a daily diff, just like that:

"2020/10/19 02:00:01 [25568] receiving file list
2020/10/19 02:03:40 [25570] >f.sT...... servicos/data/log/log-18-10-20
2020/10/19 02:03:40 [25570] >f+++++++++ servicos/data/log/log-19-10-20
2020/10/19 02:03:42 [25570] sent 70,233 bytes received 8,904,675 bytes 40,518.77 bytes/sec
2020/10/19 02:03:42 [25570] total size is 8,142,563,676 speedup is 907.26"

"scan completed on /data/maldet/: files 292502, malware hits 0, cleaned hits 0, time 14308s"