Security auditing on Ubuntu 16.04? If not, you should be. One great tool you can add to your arsenal is Lynis security auditing. Yes, this is completely redundant with OSSEC/Wazuh and third-party CloudTrail audits, but there is no harm in triple checking.
Why the paranoia? Because you can’t completely rely on any one system imho, so human spot checks, particularly on your endpoints (or honeypots #heh), are an essential part of the process. Plus at AWS you can create a temp “hot” AMI and tear the thing apart while it is in an ACL/Security Group cage, and then delete it without an attacker ever knowing.
Regarding Lynis security auditing, the Ubuntu apt package for Lynis (what a plain apt install gets you) is still on version 2.1, while the current version is 2.6. First, 2.6 is much faster. Second, it gives a lot fewer false positives on Ubuntu 16.04.
My notes from:
```shell
# auditing - posts page: CHECK THE LINK ABOVE
sudo su
# the distro package first (this is the old 2.1 build)
apt install lynis
# trust the CISOfy signing key, then enable https transport for apt
wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -
apt install apt-transport-https
# skip downloading translation indexes
echo 'Acquire::Languages "none";' | sudo tee /etc/apt/apt.conf.d/99disable-translations
# add the CISOfy community repo for this release (xenial here)
echo "deb https://packages.cisofy.com/community/lynis/deb/ xenial main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
# pull in the 2.6 package from the new repo and confirm what is installed
apt update
apt upgrade
lynis show version
```
Again – check your version! Note I specified xenial in my notes, because that particular server is on xenial. You might not be. Read the Lynis docs. And happy auditing!
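Two things the notes above leave to the reader are picking the right release codename instead of hard-coding xenial, and actually checking the version once the upgrade is done. The POSIX sh helpers below are an added example written for this post, not part of the original notes or of Lynis itself; they assume the CISOfy repo layout shown above and that `lynis show version` prints the version number, and the os-release contents used in the demo run are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): build the CISOfy apt line for
# the running release rather than assuming "xenial", and verify that the
# Lynis that ends up installed is at least the version the post expects.

LYNIS_MIN_VERSION="2.6"

# Print the release codename from an os-release file. The path is a
# parameter so the function can be run against a constructed file.
os_codename() {
    ( . "$1" && printf '%s\n' "${VERSION_CODENAME:-${UBUNTU_CODENAME:-}}" )
}

# Build the sources.list.d line for the community Lynis repository.
cisofy_deb_line() {
    [ -n "$1" ] || return 1
    printf 'deb https://packages.cisofy.com/community/lynis/deb/ %s main\n' "$1"
}

# Return 0 when dotted version $1 is >= version $2. sort -V does the
# numeric comparison, so 2.10 correctly ranks above 2.6.
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
}

# Pull the first dotted number out of `lynis show version` output.
lynis_version_from_output() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9.]*' | head -n 1
}

# Demo run on constructed input (not from a real host).
sample_os_release=$(mktemp)
printf 'NAME="Ubuntu"\nVERSION_ID="16.04"\nVERSION_CODENAME=xenial\n' > "$sample_os_release"
codename=$(os_codename "$sample_os_release")
rm -f "$sample_os_release"
echo "repo line for this host: $(cisofy_deb_line "$codename")"

# On a real host replace the constructed string with: $(lynis show version)
installed=$(lynis_version_from_output "2.6.4")
if version_ge "$installed" "$LYNIS_MIN_VERSION"; then
    echo "lynis $installed is at least $LYNIS_MIN_VERSION"
else
    echo "lynis $installed is older than $LYNIS_MIN_VERSION: still on the distro package?"
fi
```

On a live system, run `os_codename /etc/os-release` and feed the real `lynis show version` output into `lynis_version_from_output`.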