Re: users logs



Marti, Rob wrote:
Yeah, the developers sometimes have to troubleshoot code on production
systems (we try to split dev and prod but are not always successful). We're
working on a better split, but it's not just CC numbers... socials in the
database, etc.

Oh, boy. If everyone's not already had criminal background & credit checks, I
suspect it's coming sooner rather than later.

Bash auditing is pretty win.

As I said, I still think that you'll wind up with so much info that trying to
find anything relevant will be a major task.

mark
Rob Marti

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of mark
Sent: Tuesday, June 09, 2009 4:51 PM
To: General Red Hat Linux discussion list
Subject: Re: users logs

Marti, Rob wrote:
If you're using RHEL5 you can enable bash auditing. I don't think the
same solution exists for RHEL4 (yet?).

As far as why, I've been requested to set it up for PCI compliance (since
developers have access to credit card numbers, etc. without going through
sudo) but all my CC handling servers are RHEL4 so... :-/

Oh.

I came off a contract the end of April at a company that's both a root CA,
and does managed security for PCI/CSS, so I have a clue what you're dealing
with.

One question: the *developers* have access to numbers, and not test numbers?
I believe that you can request card numbers with info explicitly for
development and testing. All the rest should be encrypted everywhere where
it's not inside a secure subnet, and they'd prefer then, as well, if I
understand it correctly.

mark

