PCI System level object

MAUPERTUIS, PHILIPPE philippe.maupertuis at equensworldline.com
Mon Jan 13 17:46:15 UTC 2020 

Hi,
Redhat is providing audit rules sample for PCI DSS.
For the requirement 10.2.7 it is written :
## 10.2.7 Creation and deletion of system-level objects
## This requirement seems to be database table related and not audit

However the PCI glossary defines system level objects as :
System-level object:
Anything on a system component that is required for its operation, including but not limited to database tables, stored procedures, application executables and configuration files, system configuration files, static and shared libraries and DLLs, system executables, device drivers and device configuration files,and third-party components.
It seems It should be covered by the FIM solution and not by audit.
However loading and unloading kernel modules  should probably be covered by auditd.
Could you tell me which events are generated in that case ?
Are there any others events that should consider for this requirement

Regards
Philippe

equensWorldline is a registered trade mark and trading name owned by the Worldline Group through its holding company.
This e-mail and the documents attached are confidential and intended solely for the addressee. If you receive this e-mail in error, you are not authorized to copy, disclose, use or retain it. Please notify the sender immediately and delete this email from your systems. As emails may be intercepted, amended or lost, they are not secure. EquensWorldline and the Worldline Group therefore can accept no liability for any errors or their content. Although equensWorldline and the Worldline Group endeavours to maintain a virus-free network, we do not warrant that this transmission is virus-free and can accept no liability for any damages resulting from any virus transmitted. The risks are deemed to be accepted by everyone who communicates with equensWorldline and the Worldline Group by email
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20200113/a35f5ea0/attachment.htm>

More information about the Linux-audit mailing list