LinuxQuestions.org
09-17-2007, 03:26 AM   #1
koobi
Logging file access - PCI DSS


Hi,
We are trying to implement the PCI DSS standards on one of our servers, and one of the requirements reads:

Quote:
When the user accesses the database, the file system, the logging per each user is to be implemented.

We have the db access logging covered, but do you know how we can log file system access? I.e., when a file on the system is accessed, for example, we want the name of the file, the name of the user and the time, etc., to be logged to a text file.

Is this possible and if it is, is it feasible?


Thanks.
 
09-17-2007, 03:30 PM   #2
unSpawn
Quote:
Originally Posted by koobi
we have the db access logging covered

Care to share steps how?


Quote:
Originally Posted by koobi
but do you know how we can log file system access? i.e., when a file on the system is accessed, for example, we want the name of the file, the name of the user and the time, etc to be logged to a text file. Is this possible and if it is, is it feasible?

Look for comments related to Rootsh / Sudosh:
http://www.linuxquestions.org/questi...93&postcount=4
http://www.linuxquestions.org/questi...51&postcount=3
http://www.linuxquestions.org/questi...74&postcount=2
 
09-18-2007, 01:33 AM   #3
koobi
Hi,
Thanks for the reply.

Regarding the steps for database access, I believe the DBA enabled auditing in Oracle and Postgres for our systems. If you want the details, I'll get them for you. Let me know.


Regarding rootsh and sudosh, they only log activities by users under root permission, right?
My scenario is that we have our web files which have the same permission/user/group privileges as the HTTPD daemon. Therefore, we'd like to be able to log the activities of any given user. Does such a tool exist?

Let me know, thanks.
 
09-18-2007, 04:49 AM   #4
win32sux
According to the web page, Rootsh can be wrapped around any user's shell.
 
09-18-2007, 03:13 PM   #5
farslayer
Could take a look at the auditing features of SNARE http://sourceforge.net/projects/snare/

From the website:

Code:
Snare is currently used by hundreds of thousands of individuals, 
and organisations worldwide. Snare for Linux is used by many large 
Financial, Insurance, Healthcare, Defence, AeroSpace, and 
Intelligence organisations to meet elements of local and federal 
security requirements, such as:

    * ACSI 33 / PSM
    * GLBA (Gramm-Leach-Bliley Act)
    * Sarbanes Oxley (SOX)
    * C2 / CAPP
    * DCID 6/3
    * DIAM 50-4
    * DDS-2600-5502-87 Chapter 4
    * NISPOM Chapter 8
    * HIPAA
    * PCIDSS
    * California Senate Bill 1386/AB 1950
    * USA Patriot Act
    * CISP
    * Danish Standard DS-484:2005
    * British Standard BS7799/ISO 17799

An interesting resource that indirectly led me to Snare was this site: pcianswers.com
http://pcianswers.com/2006/07/31/tra...rdholder-data/
Looks like there may be some good info here once I dig farther into the site.

I need to go look at both of these resources closer now..

As for your web files.. if this is a web frontend to access cardholder data I would think at the very least the users would have to login to the website, so you should have already identified the user....

Last edited by farslayer; 09-18-2007 at 03:26 PM.
 
09-20-2007, 01:03 AM   #6
koobi
Quote:
Originally Posted by win32sux
According to the web page, Rootsh can be wrapped around any user's shell.

So I could use rootsh on any user's shell to log their activities?
How would I do this? Make some changes to my .bash_profile?




Quote:
Originally Posted by farslayer
Could take a look at the auditing features of SNARE http://sourceforge.net/projects/snare/

[message truncated]

an interesting resource that indirectly led me to snare was this site.. pcianswers.com
http://pcianswers.com/2006/07/31/tra...rdholder-data/
Looks like there may be some good info here once I dig farther into the site.

I need to go look at both of these resources closer now..

As for your web files.. if this is a web frontend to access cardholder data I would think at the very least the users would have to login to the website, so you should have already identified the user....

Oh, this is not the web frontend I'm talking about. The frontend has been secured; I just need to know how to log file access via the filesystem. All other aspects of the PCI requirements have been met, I believe.
 
09-21-2007, 04:08 AM   #7
koobi
farslayer,
I've decided to go with SNARE to monitor file/folder access.
It has all the features I require.

Neat little tool. Thanks for recommending it
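
Added example, not written by any poster in this thread and not SNARE's code: for the case raised in post #3, where web files run under the same account as the HTTPD daemon, this turns kernel audit records into the file/user/time lines the original question asks for, using the `auid` (login uid) field, which stays fixed after a user switches accounts. It assumes the Linux audit subsystem's log format, which the thread does not mention; the sample records, the `webfiles` key and the uid-to-name map are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in Linux audit log format (not from the thread).
# Assumed watch rule that would tag them: auditctl -w /var/www -p rwa -k webfiles
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1190012345.123:456): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=4021 auid=1001 uid=33 gid=33 euid=33 comm="cat" exe="/bin/cat" key="webfiles"
type=PATH msg=audit(1190012345.123:456): item=0 name="/var/www/config.php" inode=131 mode=0100640 ouid=33 ogid=33
type=SYSCALL msg=audit(1190012399.500:457): arch=c000003e syscall=2 success=no exit=-13 items=1 pid=4100 auid=1002 uid=1002 gid=1002 euid=1002 comm="vi" exe="/usr/bin/vi" key="webfiles"
type=PATH msg=audit(1190012399.500:457): item=0 name="/var/www/config.php" inode=131 mode=0100640 ouid=33 ogid=33
'''
# Hypothetical uid-to-name map; on a live host use pwd.getpwuid() instead.
USERS = {"33": "www-data", "1001": "alice", "1002": "bob"}

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records that share an audit event serial and merge their fields."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip anything that is not an audit record
        rtype, epoch, serial, body = m.groups()
        ev = events.setdefault(serial, {"time": int(epoch), "paths": []})
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "SYSCALL":
            ev.update(fields)  # who ran what, and whether it succeeded
        elif rtype == "PATH":
            ev["paths"].append(fields.get("name", "?"))  # which file
    return events

def access_lines(text, users=USERS):
    """One text line per accessed file: UTC time, login user, uid, result, program, path."""
    events = parse_events(text)
    out = []
    for serial in sorted(events, key=int):
        ev = events[serial]
        when = datetime.fromtimestamp(ev["time"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        login = users.get(ev.get("auid"), ev.get("auid", "?"))  # person who logged in
        actor = users.get(ev.get("uid"), ev.get("uid", "?"))    # account the process ran as
        result = "ok" if ev.get("success") == "yes" else "failed"
        for path in ev["paths"]:
            out.append(f"{when} login={login} uid={actor} {result} {ev.get('exe', '?')} {path}")
    return out

if __name__ == "__main__":
    print("\n".join(access_lines(SAMPLE_LOG)))
```

In the first constructed event the process runs as `www-data`, yet the line is still attributed to `alice` through `auid`, which is what per-user logging needs when files are owned by a shared daemon account.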
 
  

