
@diyan /
Last active Jan 23, 2018

PCI DSS. Useful resources


NOTE: Work in progress

TODO: Identity management, two-factor auth, OpenVPN, Logstash, log shippers, IIS logs, OSSEC, Snort, Suricata, snorby, restart iis w/o admin role,

PCI DSS. Guidelines

REQ 10.1, 10.2. Tools. Resource access tracking

REQ 10.1, 10.2. Tools. Resource access tracking. auditd

REQ 10.1, 10.2. Tools. Resource access tracking. rootsh

REQ 10.3. Tools. Log management

REQ 10.3. Tools. Log management. nxlog

PCI DSS. Tools. Vulnerability management

PCI DSS. Tools. Penetration testing

PCI DSS. Python apps

0cjs commented Jul 18, 2017

When it comes to log management, the first thing you should always be looking at on modern systems (RHEL/CentOS 7+, Debian 8+ and derivatives) is Systemd's Journal (journald/journalctl etc.). These systems in fact use the journal as their main logging system and all files in /var/log are either generated by rsyslogd reading copies of the messages from the journal or are generated by programs (such as auditd and often Apache) that avoid the standard logging system (/dev/log etc.) completely.
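The comment above makes the journal the natural source for the REQ 10.2/10.3 audit trail on these systems. As an added example (it is not part of the gist and not from the commenter), the following Python script consumes the one-JSON-object-per-line format that `journalctl -o json` emits and maps sshd and sudo entries onto the six elements PCI DSS 10.3 requires (user, event type, date/time, success or failure, origin, affected resource). The sample lines are constructed, not real log output; the field names are the ones journald documents (`MESSAGE`, `SYSLOG_IDENTIFIER`, `_UID`, `_PID`, `_HOSTNAME`, `__REALTIME_TIMESTAMP`), and the regular expressions assume the default OpenSSH and sudo message formats.

```python
"""Map journald JSON-export records onto the PCI DSS 10.3 audit-trail fields.

Feed it `journalctl -o json | python3 this_script.py` in practice; here a few
constructed records stand in for that output so it runs offline.
"""
import json
import re
from datetime import datetime, timezone

# Constructed sample records (not real logs). __REALTIME_TIMESTAMP is
# microseconds since the epoch, as journald emits it.
SAMPLE_JSON_LINES = [
    json.dumps({"__REALTIME_TIMESTAMP": "1516700000000000", "_HOSTNAME": "web01",
                "SYSLOG_IDENTIFIER": "sshd", "_UID": "0", "_PID": "4120",
                "MESSAGE": "Accepted publickey for alice from 10.0.0.5 port 51234 ssh2"}),
    json.dumps({"__REALTIME_TIMESTAMP": "1516700030000000", "_HOSTNAME": "web01",
                "SYSLOG_IDENTIFIER": "sudo", "_UID": "1001", "_PID": "4133",
                "MESSAGE": "alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow"}),
    json.dumps({"__REALTIME_TIMESTAMP": "1516700060000000", "_HOSTNAME": "web01",
                "SYSLOG_IDENTIFIER": "sshd", "_UID": "0", "_PID": "4150",
                "MESSAGE": "Failed password for invalid user admin from 203.0.113.9 port 40022 ssh2"}),
    json.dumps({"__REALTIME_TIMESTAMP": "1516700090000000", "_HOSTNAME": "web01",
                "SYSLOG_IDENTIFIER": "sudo", "_UID": "1002", "_PID": "4155",
                "MESSAGE": "bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls"}),
    json.dumps({"__REALTIME_TIMESTAMP": "1516700120000000", "_HOSTNAME": "web01",
                "SYSLOG_IDENTIFIER": "cron", "_UID": "0", "_PID": "4160",
                "MESSAGE": "(root) CMD (run-parts /etc/cron.hourly)"}),
]

# Default OpenSSH and sudo message shapes (assumption: unmodified log formats).
SSHD_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+)")
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")


def to_audit_record(entry):
    """Return the six PCI DSS 10.3 elements for an sshd/sudo entry, else None."""
    ident = entry.get("SYSLOG_IDENTIFIER")
    msg = entry.get("MESSAGE", "")
    ts = datetime.fromtimestamp(int(entry["__REALTIME_TIMESTAMP"]) / 1e6, tz=timezone.utc)
    base = {"timestamp": ts.isoformat(), "host": entry.get("_HOSTNAME")}
    if ident == "sshd":
        m = SSHD_RE.match(msg)
        if not m:
            return None
        return {**base, "user": m["user"], "event": "ssh-login-" + m["method"],
                "success": m["result"] == "Accepted", "origin": m["src"],
                "resource": "sshd@" + base["host"]}
    if ident == "sudo":
        # sudo reports a refused escalation in the same line shape, with a
        # reason prefix; check for it before treating the line as a success.
        failed = "incorrect password" in msg or "NOT in sudoers" in msg
        m = SUDO_RE.match(msg)
        if not m:
            return None
        return {**base, "user": m["user"], "event": "privilege-escalation",
                "success": not failed, "origin": "local",
                "resource": m["target"] + ":" + m["cmd"]}
    return None  # other identifiers (cron, kernel, ...) are not access events here


def audit_records(json_lines):
    """Parse journal JSON lines and keep only the ones that are access events."""
    records = []
    for line in json_lines:
        rec = to_audit_record(json.loads(line))
        if rec:
            records.append(rec)
    return records


def failures_by_origin(records):
    """Count failed events per origin; a quick input for REQ 10 review/alerting."""
    counts = {}
    for r in records:
        if not r["success"]:
            counts[r["origin"]] = counts.get(r["origin"], 0) + 1
    return counts


if __name__ == "__main__":
    recs = audit_records(SAMPLE_JSON_LINES)
    for r in recs:
        print(json.dumps(r))
    print("failures by origin:", failures_by_origin(recs))
```

The script deliberately keeps the journal as the single source (no /var/log parsing), which matches the comment's point: when rsyslogd is only re-emitting journal messages, reading the journal directly avoids a second, possibly filtered, copy. Programs that bypass /dev/log, such as auditd, still have to be collected separately.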
