Ian Forde <ian at duckland.org> wrote:

>> That depends upon how you define malware detection. Antivirus software for Linux typically scans for Windows viruses and malware. On the other hand, if you're talking about detection in the sense of Tripwire, or a cron job that runs a 'rpm -V' every night, I completely agree that this is something that should be done. <<

Bingo. The changes made in PCI DSS v 1.2 broaden the scope of section 5 from "viruses" to "malicious software". This covers viruses, worms, trojans, spyware, rootkits, etc. Use of AIDE or Open-Source Tripwire, with a carefully set up policy, should meet the requirements.

I would write an "explanation of non-applicability" that states that CentOS is at low risk of infection by viruses and only slightly higher risk of infection by worms, and that implementation of a host filesystem integrity verification system (or host intrusion detection system) provides an appropriate control to alert administrators to unauthorised changes of any kind on the system. Add appropriate verbiage about SELinux, etc. if appropriate. I'd say that should get the job done.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909
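
As an added example (not code from either poster), here is one way the nightly `rpm -V` check mentioned above could be turned into an alerting report. The function names, the severity policy and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage `rpm -V` output for a nightly report.
# Severity policy below is an assumption; tune it to your own change process.

# Constructed sample of `rpm -V` output (flags, optional attribute letter, path).
sample_rpm_verify() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/ssh
.M.......    /usr/sbin/sshd
missing   d /usr/share/doc/openssh/README
.......T.  c /etc/motd
missing     /usr/bin/scp
EOF
}

# Reads `rpm -V` lines on stdin, writes "SEVERITY<TAB>reason<TAB>path".
triage_rpm_verify() {
    awk '
    {
        flags = $1
        # Optional attribute letter: c=config d=doc g=ghost l=license r=readme
        attr = ($2 ~ /^[cdglr]$/) ? $2 : "-"
        p = index($0, " /")
        if (p == 0) next                 # skip lines that carry no file path
        path = substr($0, p + 1)         # keeps paths that contain spaces

        if (flags == "missing") {
            sev = (attr == "d" || attr == "g") ? "INFO" : "ALERT"
            why = "missing"
        } else if (flags ~ /[MUG]/) {    # mode, user or group differs
            sev = "ALERT"; why = "mode/owner/group changed"
        } else if (flags ~ /5/) {        # file digest differs
            sev = (attr == "c") ? "REVIEW" : "ALERT"
            why = "content digest changed"
        } else {
            sev = "INFO"; why = "metadata only (" flags ")"
        }
        printf "%s\t%s\t%s\n", sev, why, path
    }'
}

if [ "${1:-}" = "--demo" ]; then
    sample_rpm_verify | triage_rpm_verify
fi
```

On a real host the cron job would pipe `rpm -Va` into `triage_rpm_verify` and mail the lines that are not `INFO`; because the RPM database lives on the same host, the report is only as trustworthy as that database.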