Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi,
We are trying to implement the PCI DSS standards to one of our servers and one of the requirements read:
Quote:
When the user accesses the database, the file system, the logging per each user is to be implemented.
we have the db access logging covered but do you know how we can log file system access? i.e., when a file on the system is accessed, for example, we want the name of the file, the name of the user and the time, etc to be logged to a text file.
but do you know how we can log file system access? i.e., when a file on the system is accessed, for example, we want the name of the file, the name of the user and the time, etc to be logged to a text file. Is this possible and if it is, is it feasible?
Regarding the steps for database access, I believe the DBA enabled auditing in Oracle and Postgres for our systems. If you want the details, I'll get them for you. Let me know.
Regarding rootsh and sudosh, they only log activities by users under root permission, right?
My scenario is that we have our web files which have the same permission/user/group privileges as the HTTPD daemon. Therefore, we'd like to be able to log the activities of any given user. Does such a tool exist?
Snare is currently used by hundreds of thousands of individuals,
and organisations worldwide. Snare for Linux is used by many large
Financial, Insurance, Healthcare, Defence, AeroSpace, and
Intelligence organisations to meet elements of local and federal
security requirements, such as:
* ACSI 33 / PSM
* GLBA (Gramm-Leach-Bliley Act)
* Sarbanes Oxley (SOX)
* C2 / CAPP
* DCID 6/3
* DIAM 50-4
* DDS-2600-5502-87 Chapter 4
* NISPOM Chapter 8
* HIPAA
* PCIDSS
* California Senate Bill 1386/AB 1950
* USA Patriot Act
* CISP
* Danish Standard DS-484:2005
* British Standard BS7799/ISO 17799
an interesting resource that indirectly led me to snare was this site.. pcianswers.com http://pcianswers.com/2006/07/31/tra...rdholder-data/
Looks like there may be some good info here once I dig farther into the site.
I need to go look at both of these resources closer now..
As for your web files.. if this is a web frontend to access cardholder data I would think at the very least the users would have to login to the website, so you should have already identified the user....
an interesting resource that indirectly led me to snare was this site.. pcianswers.com http://pcianswers.com/2006/07/31/tra...rdholder-data/
Looks like there may be some good info here once I dig farther into the site.
I need to go look at both of these resources closer now..
As for your web files.. if this is a web frontend to access cardholder data I would think at the very least the users would have to login to the website, so you should have already identified the user....
oh this is not the web frontend i'm talking about. the frontend has been secured, i just need to know how to log file access via the filesystem, all other aspects of the PCI requirements have been met, i believe.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
