Security Best Practices Guide for Logging and Monitoring

<- Back to Security

Monitor Security History

The security history of your Droplet shows a record of actions that have been taken in an account. Within the history, users can find a record of actions taken within your account, such as user logins, password changes, and resource creation, augmentation, and deletion.

Each record includes the IP address of the device where the action originated and a correlative time stamp.

Rationale

Monitoring supports the detection of unusual activities that might indicate a security breach.

Impact

There are no adverse consequences by monitoring security history.

Audit Procedure

As of publication date, the only way to access the security history is through the cloud UI.

  1. Sign in to your DigitalOcean dashboard.
  2. Go to the Settings menu.
  3. Click the Security tab.
  4. The bottom of the page will have a table of your account’s security history. It will list the action taken, the user’s name, email address, and IP address, and the time the action was taken.

Remediation Procedure

Security History is enabled by default.

Back to the top

Back to Security Best Practices Guides Intro


Ensure Resource Monitoring

DigitalOcean Monitoring is a free, opt-in service that gathers metrics about Droplet-level resource utilization. It provides additional Droplet graphs and supports configurable metrics alert policies with integrated email Slack notifications to help you track the operational health of your infrastructure.

Rationale

Resource monitoring in important for many reasons, including:

  • Real-time Insights - Monitoring provides real time information on utilization and performance, enabling swift responses to anomalies or outages.
  • Performance Optimization - By analyzing metrics such as CPU utilization and memory usage, customers can optimize their applications for better speed and responsiveness.

Impact

Metrics agents typically consume system resources like CPU, memory, and network bandwidth to collect and transmit data. While usually minimal, this overhead can impact the performance of the server, especially if the server is already under heavy load or has limited resources.

Audit Procedure

Follow these steps to ensure monitoring is activated:

  1. Sign in to your DigitalOcean account.
  2. Select Droplets under the Manage menu.
  3. Click on the name of the Droplet.

The security monitoring page will display graphs of CPU percentages, memory use, disk input/output, and other metrics.

Remediation Procedure

Installing the Metrics Agent on a New Droplet

Using the Control Panel

To install the metrics agent during Droplet creation with the control panel, find the We recommend these options section and click Enable Monitoring. The metrics agent will be automatically installed and enabled during the Droplet creation process.

Using the API or CLI

If you are using the DigitalOcean API to create Droplets, set the ```monitoring``` attribute to ```true``` in the creation parameters to automatically install the metrics agent on the Droplet during creation. The Droplet creation section of the API documentation contains additional details.

  1. {
  2. "name": "example.com",
  3. "region": "nyc3",
  4. "size": "s-1vcpu-1gb",
  5. "image": "ubuntu-20-04-x64",
  6. "ssh_keys": [
  7. 289794,
  8. "3b:16:e4:bf:8b:00:8b:b8:59:8c:a9:d3:f0:19:fa:45"
  9. ],
  10. "backups": true,
  11. "ipv6": true,
  12. "monitoring": true,
  13. "tags": [
  14. "env:prod",
  15. "web"
  16. ],
  17. "user_data": "#cloud-config\nruncmd:\n - touch /test.txt\n",
  18. "vpc_uuid": "760e09ef-dc84-11e8-981e-3cfdfeaae000"
  19. }

If you are using doctl, the DigitalOcean command line client, to create Droplets with the ```doctl compute droplet create``` command, use the ```–enable-monitoring``` flag to enable monitoring.

Installing the Metrics Manually

You can also install the metrics agent manually on supported operating systems and versions. There is an installation script available that automatically detects the client operating system and configures repositories to install the agent.

Please refer to the How to Install the DigitalOcean Metric Agent guide for instructions.

Set up Resource Alerts

Set up resource alerts after installing the metrics agent to track the operational health of your infrastructure.

Back to the top

Back to Security Best Practices Guides Intro

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.