Hi/Morning.

This is a continuation of my looking to nail down what should be Monitored/Scanned to secure a Fed server/VM.

I've looked over a number of Monitor apps (Solarwinds/Nagios/Zabbix/etc). Can't really find a good list of the things that should be monitored, so I've compiled the following list. 

I'm thinking the monitoring/scanning process needs to check for,
 or handle the following:
-user attempts to access a system/ssh interaction/- logins/access
there's a ddos on one of the VM/webapps
rootkit/file issue
possible intrusion attempts
 -for ports
 -for log files
 -for user accounts
files/dirs -perms/user owner
log files
system/services   -- required services running... invalid services disabled
cron
dirs/files/filesystem
website
db
config file issues
rootkit issues
malware issues
vulnerability issues   -- vuls.io
selinux
partitions for the drive
firewall

mysqld

httpd

nfs

sshd

-php valid
-python valid
-package scan
-pip scan
-pecl scan
-should the libs be scanned?
-how to scan/check for/alert on invalid apps running?

config files -- valid/invalid

Feel free to add or comment on anything I've listed.

Once I narrow down the list, I'll figure out which tool/dashboard to use for the Monitoring/Scanning. I might have to also have a separate Dashboard (ELK?) to handle the log analysis/display.

Thanks