Linux accounting collects data about system usage by users and processes. The accounting data can be compared with the call list from your mobile phone operator. This data can be valuable for billing, troubleshooting, and digital forensics.

2015-10-12 (last updated at July 23rd, 2018) Michael BoelenPCI DSS compliance 4 comments

In-depth Linux Guide to Achieve PCI DSS Compliance and Certification

If you work for a company which accepts, processes, or stores credit card details, you might be familiar with the PCI Data Security Standard (DSS). The standard itself is very detailed. Still, it sometimes unclear on what specifically to implement and when. This guide will help with translating the PCI standard to technical security controls on Linux systems. This document has the goal to help you further secure your network and pass the PCI DSS audit. It is important to […]

2015-04-16 (last updated at June 30th, 2018) Michael BoelenAccounting, Auditing, Troubleshooting 2 comments

Tuning auditd: high-performance Linux Auditing

The Linux Audit framework is a powerful tool to audit system events. From running executables up to system calls, everything can be logged. However, all this audit logging comes at the price of decreased system performance. Let’s have a look at how we can optimize our audit rules. Performance tips Good auditd performance will reduce stress on the Linux kernel and lower its impact. Before changing anything to your system, we suggest benchmarking your system performance before and after. This […]

Screenshot of Lynis running PCI DSS audit on Linux

2015-01-05 (last updated at July 23rd, 2018) Michael BoelenCompliance, PCI DSS compliance Leave a comment

PCI DSS (v3) Linux: Logging of administrative actions with root privileges (10.2.2)

PCI DSS: Logging of administrative actions with root privileges Companies who need to comply with the PCI DSS standard need to log all actions which are executed by the root user or those accounts with similar administrative privileges. 10.2.2 Verify all actions taken by any individual with root or administrative privileges are logged. The Linux kernel allows the monitoring of executed commands. This monitoring and logging can be done with the Linux audit framework. Using this framework, we can monitor […]