Marti, Rob wrote:
> Yeah, the developers sometimes have to troubleshoot code on production
> systems (we try to split dev and prod but are not always successful). We're
> working on a better split, but it's not just CC numbers... socials in the
> database, etc.

Oh, boy. If everyone's not already had criminal background & credit checks, I suspect it's coming sooner rather than later.

>
> Bash auditing is pretty win.
>

As I said, I still think that you'll wind up with so much info that trying to find anything relevant will be a major task.

mark

> Rob Marti
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of mark
> Sent: Tuesday, June 09, 2009 4:51 PM
> To: General Red Hat Linux discussion list
> Subject: Re: users logs
>
> Marti, Rob wrote:
>> If you're using RHEL5 you can enable bash auditing. I don't think the
>> same solution exists for RHEL4 (yet?).
>>
>> As far as why, I've been requested to set it up for PCI compliance (since
>> developers have access to credit card numbers, etc. without going through
>> sudo) but all my CC handling servers are RHEL4 so... :-/
>
> Oh.
>
> I came off a contract the end of April at a company that's both a root CA,
> and does managed security for PCI/CSS, so I have a clue what you're dealing
> with.
>
> One question: the *developers* have access to numbers, and not test numbers?
> I believe that you can request card numbers with info explicitly for
> development and testing. All the rest should be encrypted everywhere where
> it's not inside a secure subnet, and they'd prefer then, as well, if I
> understand it correctly.
>
> mark