I’m trying out a beta of Service Canary. It’s a simple python code install which then monitors for changes like new users added, service restarts, changes to firewall rules and more.
If a change is detected, it alerts you via email. For me anyway.
Pretty cool if something bad happens to your server out on the internet like malware creating new users or stopping and starting new services or even opening a new port via iptables.
I especially like the alerting feature for when changes do happen.
You could probably monitor for some of these things via logging but this particular service does appear to make it quite easy and fast to get things going with monitoring.
Have a look.