[CentOS] PCI/DSS compliance on CentOS

Fri May 25 18:27:43 UTC 2012
m.roth at 5-cent.us <m.roth at 5-cent.us>

Ken godee wrote:
> wow, seems like quite a lot.

Heh. When I was working for the company, I had a guy who sat in easy
earshot who was one of their folks who dealt with questions from companies
and businesses. The *easiest* one, the lowest level, was 60 or 63
questions. The serious, highest one was over 220, and really required
people on at least our level to answer some of them.

        mark
>
> What "level" of PCI/DSS compliance are you going for?
>
> The only other thing I might add....
>
> Are you hosting the hardware? If it's
> hosted elsewhere then the "facility" that's
> hosting the hardware needs to be PCI/DSS compliant.
>
> On 5/25/2012 10:22 AM, Arun Khan wrote:
>> I have a client project to implement PCI/DSS compliance.
>>
>> The PCI/DSS auditor has stipulated that the web server, application
>> middleware (tomcat), the db server have to be on different systems.
>> In addition the auditor has also stipulated that there be an NTP
>> server, a "patch" server,
>>
>> The Host OS on all of the above nodes will be CentOS 6.2.
>>
>> Below is a list of things that would be necessary.
>>
>> 1. Digital Certificates for each host on the PCI/DSS segment
>> 2. SELinux on each Linux host in the PCI/DSS network segment
>> 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment
>> 4. OS hardening scripts (e.g. Bastille Linux)
>> 5. Firewall
>> 6. IDS (Snort)
>> 7. Central “syslog” server
>>
>> However, beyond this I would appreciate any comments/feedback /
>> suggestion if you or your organization has undergone a PCI/DSS audit
>> and what are the gotchas that you encountered, especially with respect
>> to CentOS/ open source stack.
>>
>> I came across this which kind of brings out issues between the
>> implementer and the PCI/DSS auditor.
>> <http://webmasters.stackexchange.com/questions/15098/pci-dss-compliance-for-a-vps-using-centos>
>>
>> Thanks very much.
>>
>