Accounting
In-depth Linux Guide to Achieve PCI DSS Compliance and Certification
This is the technical Linux guide to achieve compliance with the PCI DSS standard. Become compliant, with Linux tips for configuration and auditing.
Summary
The standard itself is very detailed. Still, it sometimes unclear on what specifically to implement and when. This guide will help with translating the PCI standard to technical security controls on Linux systems.
This document has the goal to help you further secure your network and pass the PCI DSS audit. It is important to note that this guide is a set of generic tips. Your IT environment might require additional security measures. Always consult your auditor when it comes to interpreting the PCI DSS requirements and how it relates to your systems and network.
Tuning auditd: high-performance Linux Auditing
To achieve better performance with a auditd configuration, it needs to be tuned. See performance boosters like events exclusion, rule ordering, and more.
Summary
The Linux Audit framework is a powerful tool to audit system events. From running executables up to system calls, everything can be logged. However, all this audit logging comes at the price of decreased system performance. Let’s have a look at how we can optimize our audit rules.
Performance tips
Good auditd performance will reduce stress on the Linux kernel and lower its impact. Before changing anything to your system, we suggest benchmarking your system performance before and after. This way you can see the benefits of your tuning efforts.
PCI DSS Linux: Logging of administrative actions with root privileges
PCI DSS requires logging of administrative actions, including commands executed by the root user or using sudo. Learn how to set up accounting and auditing.
Summary
Companies who need to comply with the PCI DSS standard need to log all actions which are executed by the root user or those accounts with similar administrative privileges.
10.2.2 Verify all actions taken by any individual with root or administrative privileges are logged.
The Linux kernel allows the monitoring of executed commands. This monitoring and logging can be done with the Linux audit framework. Using this framework, we can monitor the right system calls and create an audit trail. It is also called Linux accounting. Such accounting is similar to the call history on your mobile phone bill.