Re: PCI/DSS compliance on CentOS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Arun Khan wrote:
> I have a client project to implement PCI/DSS compliance.
>
> The PCI/DSS auditor has stipulated that the web server, application
> middleware (tomcat), the db server have to be on different systems.
> In addition the auditor has also stipulated that there be a NTP
> server, a "patch" server,
>
> The Host OS on all of the above nodes will be CentOS 6.2.
>
> Below is a list of things that would be necessary.
>
> 1. Digital Certificates for each host on the PCI/DSS segment
> 2. SELinux on each Linux host in the PCI/DSS network segment
> 3. Tripwire/AIDE on each Linux host in the PCI/DSS segment
> 4. OS hardening scripts (e.g. Bastille Linux)
> 5. Firewall
> 6. IDS (Snort)
> 6. Central “syslog” server
>
> However, beyond this I would appreciate any comments/feedback /
<snip>
I had a short-term contract with a company that a) did managed security,
and b) was a root CA. I *think* the auditor missed one thing: as I
understand it, if the three servers aren't hardwired to each other, *all*
communications must be encrypted between them.

       mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux