Monitor Security History
The security history of your Droplet shows a record of actions that have been taken in an account. Within the history, users can find a record of actions taken within your account, such as user logins, password changes, and resource creation, augmentation, and deletion.
Each record includes the IP address of the device where the action originated and a correlative time stamp.
Rationale
Monitoring supports the detection of unusual activities that might indicate a security breach.
Impact
There are no adverse consequences by monitoring security history.
Audit Procedure
As of publication date, the only way to access the security history is through the cloud UI.
- Sign in to your DigitalOcean dashboard.
- Go to the Settings menu.
- Click the Security tab.
- The bottom of the page will have a table of your account’s security history. It will list the action taken, the user’s name, email address, and IP address, and the time the action was taken.
Remediation Procedure
Security History is enabled by default.
Back to Security Best Practices Guides Intro
Ensure Resource Monitoring
DigitalOcean Monitoring is a free, opt-in service that gathers metrics about Droplet-level resource utilization. It provides additional Droplet graphs and supports configurable metrics alert policies with integrated email Slack notifications to help you track the operational health of your infrastructure.
Rationale
Resource monitoring in important for many reasons, including:
- Real-time Insights - Monitoring provides real time information on utilization and performance, enabling swift responses to anomalies or outages.
- Performance Optimization - By analyzing metrics such as CPU utilization and memory usage, customers can optimize their applications for better speed and responsiveness.
Impact
Metrics agents typically consume system resources like CPU, memory, and network bandwidth to collect and transmit data. While usually minimal, this overhead can impact the performance of the server, especially if the server is already under heavy load or has limited resources.
Audit Procedure
Follow these steps to ensure monitoring is activated:
- Sign in to your DigitalOcean account.
- Select Droplets under the Manage menu.
- Click on the name of the Droplet.
The security monitoring page will display graphs of CPU percentages, memory use, disk input/output, and other metrics.
Remediation Procedure
Installing the Metrics Agent on a New Droplet
Using the Control Panel
To install the metrics agent during Droplet creation with the control panel, find the We recommend these options section and click Enable Monitoring. The metrics agent will be automatically installed and enabled during the Droplet creation process.
Using the API or CLI
If you are using the DigitalOcean API to create Droplets, set the ```monitoring``` attribute to ```true``` in the creation parameters to automatically install the metrics agent on the Droplet during creation. The Droplet creation section of the API documentation contains additional details.
- {
- "name": "example.com",
- "region": "nyc3",
- "size": "s-1vcpu-1gb",
- "image": "ubuntu-20-04-x64",
- "ssh_keys": [
- 289794,
- "3b:16:e4:bf:8b:00:8b:b8:59:8c:a9:d3:f0:19:fa:45"
- ],
- "backups": true,
- "ipv6": true,
- "monitoring": true,
- "tags": [
- "env:prod",
- "web"
- ],
- "user_data": "#cloud-config\nruncmd:\n - touch /test.txt\n",
- "vpc_uuid": "760e09ef-dc84-11e8-981e-3cfdfeaae000"
- }
-
If you are using doctl, the DigitalOcean command line client, to create Droplets with the ```doctl compute droplet create``` command, use the ```–enable-monitoring``` flag to enable monitoring.
Installing the Metrics Manually
You can also install the metrics agent manually on supported operating systems and versions. There is an installation script available that automatically detects the client operating system and configures repositories to install the agent.
Please refer to the How to Install the DigitalOcean Metric Agent guide for instructions.
Set up Resource Alerts
Set up resource alerts after installing the metrics agent to track the operational health of your infrastructure.
