Configured autid daemon to log administrator commands, password file changes, etc.
Lynis security audit software has been installed and configured in cron to send alerts about security warnings on the system. (All existing warnings have already been addressed).
ModSecurity for Nginx installed and configured. ModSecurity rulesets implemented: OWASP and Trustwave commercial ruleset. The former works with score-based detection, the former with signature-based detection.
LMD is setup to notify all website file writes for malware. It is coupled with ClamAV and uses it as scanning engine.
ClamAV in its turn has detection for CC structured data. Notifications for detected malware or structured data is sent to Slack #server.
ClamAV (with LMD signatures) is setup for daily scans of the whole system (without CC data) and website files (with CC data detection).