PCI System level object

F Rafi farhanible at gmail.com
Mon Jan 13 18:42:40 UTC 2020


I have used audit logs instead of a FIM solution for PCI compliance at the
system/OS level. IMO most FIM-only products do not provide significant
value or reduction in threats.

Farhan

On Mon, Jan 13, 2020 at 12:46 PM MAUPERTUIS, PHILIPPE <
philippe.maupertuis at equensworldline.com> wrote:

> Hi,
>
> Red Hat is providing sample audit rules for PCI DSS.
>
> For requirement 10.2.7 it is written:
>
> ## 10.2.7 Creation and deletion of system-level objects
>
> ## This requirement seems to be database table related and not audit
>
>
>
> However, the PCI glossary defines system-level objects as:
>
> System-level object:
>
> Anything on a system component that is required for its operation,
> including but not limited to database tables, stored procedures,
> application executables and configuration files, system configuration
> files, static and shared libraries and DLLs, system executables, device
> drivers and device configuration files, and third-party components.
>
> It seems it should be covered by the FIM solution and not by audit.
>
> However, loading and unloading kernel modules should probably be covered
> by auditd.
>
> Could you tell me which events are generated in that case?
>
> Are there any other events that I should consider for this requirement?
>
>
>
> Regards
>
> Philippe
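As an added example (not part of either message, and not Red Hat's sample rules): a small parser that pairs the SYSCALL and KERN_MODULE records auditd writes when a kernel module is loaded or unloaded. The audit rule, the key name `modules`, and the sample log records are assumptions constructed for illustration; the syscall numbers are for x86_64 only.

```python
import re
from collections import defaultdict

# x86_64 (arch=c000003e) syscall numbers for the kernel module syscalls.
MODULE_SYSCALLS = {"175": "init_module", "313": "finit_module", "176": "delete_module"}

# Constructed sample records (not from the thread) in raw audit.log format.
# Assumed rule, with a hypothetical key name "modules":
#   -a always,exit -F arch=b64 -S init_module -S finit_module -S delete_module -k modules
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1578940960.123:411): arch=c000003e syscall=313 success=yes exit=0 pid=2101 auid=1000 uid=0 comm="modprobe" exe="/usr/bin/kmod" key="modules"
type=KERN_MODULE msg=audit(1578940960.123:411): name="dummy"
type=SYSCALL msg=audit(1578940961.500:412): arch=c000003e syscall=59 success=yes exit=0 pid=2102 auid=1000 uid=0 comm="ls" exe="/usr/bin/ls" key=(null)
type=SYSCALL msg=audit(1578940975.010:413): arch=c000003e syscall=176 success=yes exit=0 pid=2110 auid=1000 uid=0 comm="rmmod" exe="/usr/bin/kmod" key="modules"
type=KERN_MODULE msg=audit(1578940975.010:413): name="dummy"
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def module_events(log_text):
    """Group records by audit event ID and return module load/unload events."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        events[(ts, serial)][rtype] = {k: v.strip('"') for k, v in FIELD.findall(body)}
    out = []
    for (ts, serial), recs in sorted(events.items(), key=lambda e: int(e[0][1])):
        sc = recs.get("SYSCALL", {})
        # Only x86_64 numbers are mapped; other architectures need their own table.
        name = MODULE_SYSCALLS.get(sc.get("syscall")) if sc.get("arch") == "c000003e" else None
        if name is None:
            continue
        out.append({
            "serial": int(serial),
            "action": "unload" if name == "delete_module" else "load",
            "syscall": name,
            "module": recs.get("KERN_MODULE", {}).get("name"),  # None if record absent
            "auid": sc.get("auid"), "exe": sc.get("exe"),
            "success": sc.get("success") == "yes",
        })
    return out

if __name__ == "__main__":
    for ev in module_events(SAMPLE_LOG):
        print(ev)
```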

