Compliance

Learn about compliance standards and best practices and how it related to Linux systems. With focus on security auditing and system hardening.

GDPR Compliance: Technical Requirements for Linux Systems

An insight in the technical aspects and requirements for Linux systems when it comes to compliance with the GDPR, the General Data Protection Regulation.

In-depth Linux Guide to Achieve PCI DSS Compliance and Certification

This is the technical Linux guide to achieve compliance with the PCI DSS standard. Become compliant, with Linux tips for configuration and auditing.

SOx compliance and Enron: The Smartest Guys in the Room

On of the biggest companies in the US, Enron fell into the trap of fraud. Great lessons might be learned from the documentary and SOx compliance.

Find the alternatives: CIS-CAT auditing tool

Sometimes time or money is limited. We hunt to find great alternatives to commercial solutions. This time alternatives for the CIS auditing tool CIS-CAT.

Security Integration: Configuration Management and Auditing

Configuration management and system auditing go hand in hand. In this article we cover both and learn why this combination is so powerful.

Using ClamAV for Linux PCI DSS requirement 5: Malware

PCI DSS requirement 5 focuses on anti-virus and malware, or malicious software. Linux systems can also be compliant by using the popular ClamAV software.

PCI DSS Linux: Creation and deletion of system-level objects

The PCI DSS standard defines Creation and deletion of system-level objects. For Linux systems this might be handled with the Linux audit framework.

PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4)

PCI DSS compliance control 10.2.4 mandates to monitor invalid logical access attempts. For Linux we can use the Linux audit framework to monitor for this event.

PCI DSS Linux: Logging of administrative actions with root privileges

PCI DSS requires logging of administrative actions, including commands executed by the root user or using sudo. Learn how to set up accounting and auditing.

Using Open Source Auditing Tools as alternative to CIS Benchmarks

Hardening guides, and the CIS benchmarks in particular, are a great resource to harden your system. But there are alternatives.

PCI DSS Linux: No write access to shared system binaries

PCI compliance demands that no write access is allowed to shared system binaries. Let's use several tools to determine if write access is allowed.

PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)

PCI DSS compliance requires you to verify if no application processes are running as root. We audit these application processes and check the status of each.

PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)

Linux users who want to compliant with PCI DSS have to restrict log file viewing to only the owner. Learn how to achieve this.

Do NOT use Linux hardening checklists for your servers

The solution to avoid using Linux hardening checklists for your servers is simple. With proper automation and regular checks, checklists could be avoided.

Linux server security: Three steps to secure each system

Article about Linux server security and guidance for securing your Linux systems. Focus on auditing, hardening and compliance, to improve security defenses.