[CentOS] PCI/DSS compliance on CentOS

Sat May 26 05:23:33 UTC 2012
Eero Volotinen <eero.volotinen at iki.fi>

2012/5/26 Arun Khan <knura9 at gmail.com>:
> Hi Eero,
>
> On Sat, May 26, 2012 at 1:12 AM, Eero Volotinen <eero.volotinen at iki.fi> wrote:
>> 2012/5/25 Arun Khan <knura9 at gmail.com>:
>>> I have a client project to implement PCI/DSS compliance.
>>>
>>> The PCI/DSS auditor has stipulated that the web server, application
>>> middleware (tomcat), the db server have to be on different systems.
>>
>> requirement "one primary function per server".
>>
>>> In addition the auditor has also stipulated that there be a NTP
>>> server, a "patch" server,
>>
>> true also.
>
> ... snip ...
>
>
> Thanks for your input on each point in the OP.   I appreciate it.

Usually you also need to implement a WAF (web application firewall) in
front of public webservers.

I think the cheapest solution is to use mod_security*) on apache and then
proxy valid requests to tomcat.

*) http://www.modsecurity.org/


--
Eero, RHCE, CISSP
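As an added example (not part of Eero's post or the mod_security project), an httpd configuration for the setup he describes: mod_security loaded as a WAF in front of Tomcat, so only requests that pass the rules are proxied on. It assumes httpd 2.2 as shipped with CentOS 6, the EPEL mod_security 2.x package, Tomcat on 127.0.0.1:8080, and the rule set unpacked under /etc/httpd/modsecurity.d/ (all paths and hostnames are assumptions).

```apache
# Added example: mod_security in front of Tomcat (assumed paths/hosts).
# mod_security 2.x needs mod_unique_id for audit-log transaction ids.
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<IfModule security2_module>
    # Start with "DetectionOnly" to tune false positives, then switch to On.
    SecRuleEngine On
    # Inspect request bodies (POST parameters); responses are left alone
    # to keep proxy latency down. Bodies above the limit are rejected (413).
    SecRequestBodyAccess On
    SecResponseBodyAccess Off
    SecRequestBodyLimit 13107200
    SecRequestBodyLimitAction Reject
    # Log full transactions only for blocked/error responses, not every hit.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLog /var/log/httpd/modsec_audit.log
    # Default for rules that do not set their own action: deny with 403 and log.
    SecDefaultAction "phase:2,deny,status:403,log,auditlog"
    # Rule set (e.g. OWASP Core Rule Set) under /etc/httpd/modsecurity.d/ (assumed).
    Include modsecurity.d/*.conf
</IfModule>

# Rules run in the request phases, before mod_proxy's content handler,
# so a denied request never reaches Tomcat.
<VirtualHost *:80>
    ServerName shop.example.com
    # Forward proxying must stay off; this is a reverse proxy only.
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    # Do not expose Tomcat's manager application through the proxy.
    ProxyPass        /manager !
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

Tomcat itself should then listen only on 127.0.0.1 (or on the internal network, given the separate-host requirement in the thread) so that nothing can bypass the WAF by talking to port 8080 directly; TLS termination on the httpd side is omitted here.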