We run a small VPS hosting company; each VPS is based on a fixed 18.04 template.
We run a honeypot, a fallow server, to verify the template continues to be secure. We look at it probably once a month, seeing what has changed, any intrusion of any sort. It is literally a lazy "catch as catch can" approach. Not the best.
I'd like to install a tripwire, where any activity or changes (I'd say suspicious activity/changes, but since the server is fallow, any changes/activity from the norm are suspicious) trigger an e-mail squirt that alerts us.
Is there a lightweight open-source package (I don't need monthly reports, or say forensics) that would run under Ubuntu 18.04 that does this sorta thing? Anyone brewed their own?