Moodle 4 Security

Product type Book
Published in Mar 2024
Publisher Packt
ISBN-13 9781804611661
Pages 288 pages
Edition 1st Edition
Author: Ian Wild

Table of Contents (18 chapters)

Preface
1. Part 1: Moodle Security Primer
2. Chapter 1: Moodle Security – First Steps
3. Chapter 2: Moodle Threat Modeling
4. Chapter 3: Security Industry Standards
5. Part 2: Moodle Server Security
6. Chapter 4: Building a Secure Linux Server
7. Chapter 5: Endpoint Protection
8. Chapter 6: Denial of Service Protection
9. Chapter 7: Backup and Disaster Recovery
10. Part 3: Moodle Application Security
11. Chapter 8: Meeting Data Protection Requirements
12. Chapter 9: Moodle Security Audit
13. Chapter 10: Understanding Vulnerabilities
14. Part 4: Moodle Infrastructure Monitoring
15. Chapter 11: Infrastructure Monitoring
16. Index
17. Other Books You May Enjoy

Infrastructure Monitoring

In the previous chapter, we explored how security vulnerabilities are captured, recorded, and tracked. We focused on so-called static analysis tools. These are tools that will help us identify security vulnerabilities in the code. But recall from Chapter 2 the quote from Thomas Schelling:

A person cannot… draw up a list of things that would never occur to him.

Our Moodle infrastructure will be under threat at any time and in ways we cannot predict. This calls for dynamic analysis, which is the subject of this chapter.

In this chapter, we learn how to monitor our Moodle infrastructure in real time. We start with an overview of key concepts and explain some of the key terms you will encounter. You will then be introduced to Grafana, a popular third-party tool that will gather data and help you analyze and visualize it. We will also learn how to configure alarms and alerts so that we can be notified if a security issue occurs.

In this chapter...

Technical requirements

Monitoring typically requires the installation of data-gathering “agents” at various points in the infrastructure – for example, on the Moodle server. Therefore, SSH access with superuser privileges on a Moodle server is required for the Investigating Grafana section.

What is infrastructure monitoring?

Infrastructure monitoring is essential for maintaining the availability, performance, and reliability of your organization’s IT infrastructure. Deploying infrastructure monitoring tools will help you identify and address issues with the Mathaholics platform before they lead to service disruptions. However, while the focus may be on infrastructure management, there are several cybersecurity implications to consider. Firstly, there are the positives:

  • Early detection of anomalies: Infrastructure monitoring tools can help detect unusual or suspicious activities, which may be indicative of security incidents. This early detection can aid in preventing or minimizing the impact of cyberattacks. Machine learning (ML) techniques are often applied in an attempt to spot anomalies that a human might miss.
  • Availability and reliability: By ensuring the infrastructure is functioning correctly, these tools contribute to the availability and reliability...

Investigating Grafana

Grafana (https://grafana.com/) is an open source visualization tool, which we can use to monitor our Moodle infrastructure. As with Moodle, Grafana can be extended using plugins that allow you to consume data from different sources. Grafana will also allow you to build alert rules. There are two ways of using Grafana:

  • Grafana Cloud: This is similar in concept to MoodleCloud, although Grafana Cloud is based on a “free forever” model, whereas MoodleCloud starts with a free trial (45 days), and then you will need to set up a paid subscription.
  • Grafana self-managed: You will run a self-hosted version of Grafana, and your organization will need to bear the responsibility (including security) that comes with this.

Let us explore what Grafana has to offer by creating a Grafana Cloud account. Visit https://grafana.com/auth/sign-up/create-user and enter your details. Once your account has been created and you are logged in, click the Add...

Alternative infrastructure monitoring tools

For an overview of the variety of different infrastructure monitoring tools available today, check out the Gartner report at https://www.gartner.com/reviews/market/infrastructure-monitoring-tools.

Nagios

Originally launched in the late 1990s as NetSaint, Nagios is primarily a monitoring and alerting system, rather than an observability platform. The two systems can be used in parallel, with Nagios handling monitoring and alerting, and Grafana providing visualization and historical data analysis. Both Nagios and Grafana have commercial and open source (self-hosted) options. Visit https://www.nagios.com/solutions/security-log-monitoring for information on using Nagios for security log monitoring.

New Relic

Its name an anagram of that of the company’s founder, Lew Cirne, New Relic is much more of an application performance monitoring tool, used in the context of service-level management (rather than, say, levels of server load and CPU usage). For details...

Summary

As soon as a Moodle instance is live, it is susceptible to attack from threat actors. It isn’t a question of whether our site will be attacked but when. Rather than having to constantly monitor the Mathaholics platform 24/7, we can use infrastructure monitoring tools to keep an eye on the platform and alert us if there is any unexpected behavior happening. We started this chapter by learning the key concepts of infrastructure monitoring before moving on to setting up Grafana, a popular open source infrastructure monitoring and alerting tool.

Using Grafana as an example, we saw how all infrastructure monitoring tools are configured in similar ways: agents are installed to gather data on critical components (following the principle of least privilege (PoLP) to ensure security); data from agents is consumed and stored in a data store; we build queries to extract data and transform it into information to give it meaning; and we visualize the information in a dashboard.
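
The pipeline summarized above (agent samples, data store, query, alert), sketched in miniature as an added example that is not from the book or from Grafana. In-memory SQLite stands in for the data store, the `failed_logins` metric name and the sample values are constructed, and the alert rule is a trailing mean-plus-three-sigma threshold chosen here for illustration.

```python
import sqlite3
from statistics import mean, pstdev

# Constructed samples, as an agent might ship them: (minute, metric, value).
# "failed_logins" is a hypothetical metric name, not one defined by Grafana or Moodle.
SAMPLES = [(m, "failed_logins", v) for m, v in enumerate(
    [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 41, 38, 4, 3])]


def store(samples):
    """Data store stage: persist agent samples (in-memory SQLite stands in for a TSDB)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE metrics (minute INTEGER, name TEXT, value REAL)")
    db.executemany("INSERT INTO metrics VALUES (?, ?, ?)", samples)
    return db


def query(db, name):
    """Query stage: turn raw rows into an ordered per-minute series."""
    rows = db.execute(
        "SELECT minute, SUM(value) FROM metrics WHERE name = ? "
        "GROUP BY minute ORDER BY minute", (name,))
    return rows.fetchall()


def alerts(series, window=8, k=3.0, min_sigma=1.0):
    """Alert stage: flag minutes above mean + k*sigma of the trailing baseline.

    Flagged minutes are kept out of the baseline so a sustained burst
    cannot raise the threshold and hide itself. min_sigma guards against a
    flat baseline (sigma = 0) turning every small change into an alert.
    """
    baseline, fired = [], []
    for minute, value in series:
        if len(baseline) >= window:
            recent = baseline[-window:]
            threshold = mean(recent) + k * max(pstdev(recent), min_sigma)
            if value > threshold:
                fired.append((minute, value, round(threshold, 2)))
                continue  # do not learn from anomalous points
        baseline.append(value)
    return fired


if __name__ == "__main__":
    for minute, value, threshold in alerts(query(store(SAMPLES), "failed_logins")):
        print(f"ALERT minute={minute} failed_logins={value} threshold={threshold}")
```

Because the burst at minutes 10 and 11 is excluded from the baseline, the second minute of the burst is judged against the same threshold as the first instead of a threshold inflated by the first spike.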

We also saw how anomalies...
