Last change: 2025-01-06
Everything related to compliance, such as PCI-DSS, HIPAA, ISO27001/27002, SOx, and others and how they related to Linux systems and system administration.
Pci Dss articles
Last change: 2025-01-06
This is the technical Linux guide to achieve compliance with the PCI DSS standard. Become compliant, with Linux tips for configuration and auditing.
Commands:
- grep
- ldd
- lsmod
- netstat
- pwck
- ss
Last change: 2025-01-06
PCI DSS requirement 5 focuses on anti-virus and malware, or malicious software. Linux systems can also be compliant by using the popular ClamAV software.
Commands:
- dpkg
- pacman
- rpm
Last change: 2025-01-06
The PCI DSS standard defines Creation and deletion of system-level objects. For Linux systems this might be handled with the Linux audit framework.
Last change: 2025-01-06
PCI DSS compliance control 10.2.4 mandates to monitor invalid logical access attempts. For Linux we can use the Linux audit framework to monitor for this event.
Commands:
- auditctl
- ausearch
Last change: 2025-01-06
PCI DSS requires logging of administrative actions, including commands executed by the root user or using sudo. Learn how to set up accounting and auditing.
Commands:
- auditctl
- sudo
Last change: 2025-01-06
PCI compliance demands that no write access is allowed to shared system binaries. Let's use several tools to determine if write access is allowed.
Commands:
Last change: 2025-01-06
PCI DSS compliance requires you to verify if no application processes are running as root. We audit these application processes and check the status of each.
Commands:
- awk
- grep
- ps
- sort
- uniq
Last change: 2025-01-06
Linux users who want to compliant with PCI DSS have to restrict log file viewing to only the owner. Learn how to achieve this.
Commands:
- chmod
- find
- last