From: "MAUPERTUIS, PHILIPPE" <philippe.maupertuis@equensworldline.com>
To: "linux-audit@redhat.com" <linux-audit@redhat.com>
Subject: PCI System level object
Date: Mon, 13 Jan 2020 17:46:15 +0000
Message-ID: <5F4EE10832231F4F921A255C1D954298261DA3@DEERLM99EX7MSX.ww931.my-it-solutions.net>


Hi,
Red Hat is providing sample audit rules for PCI DSS.
For requirement 10.2.7 it is written:
## 10.2.7 Creation and deletion of system-level objects
## This requirement seems to be database table related and not audit

However, the PCI glossary defines system-level objects as:
System-level object:
Anything on a system component that is required for its operation, including but not limited to database tables, stored procedures, application executables and configuration files, system configuration files, static and shared libraries and DLLs, system executables, device drivers and device configuration files, and third-party components.
It seems it should be covered by the FIM solution and not by audit.
However, loading and unloading kernel modules should probably be covered by auditd.
Could you tell me which events are generated in that case?
Are there any other events that I should consider for this requirement?

Regards
Philippe
