Achieve PCI DSS compliance with FreeBSD
I - Introduction
This HOWTO provides solutions and ideas on how to achieve PCI DSS compliance on a FreeBSD system according to PCI DSS Standard 3.0.
Please note that this HOWTO is NOT COMPLETE and probably never will be. Nevertheless, it may still be helpful to you, as we update it on a regular basis.
II - PCI DSS Requirements
Numbers correspond to the PCI DSS standard mentioned above.
2.2.1) One function per server
Have only one function per server. For example, if your server is a webserver, only install webserver software, not any databases or FTP servers.
4.4) Centralized Logging
To have centralized logging, activate remote syslogging in /etc/syslog.conf:
*.* @remoteloghost
5.1) Anti-Malware / Anti-Virus
Install one or more malware detection tools from the FreeBSD Ports:
Port name | Directory |
---|---|
Clam Antivirus | /usr/ports/security/clamav |
Rootkit Hunter | /usr/ports/security/rkhunter |
Spybye | /usr/ports/security/spybye |
6.1) Time window for security updates
You must install vendor critical security patches within 30 days.
- Subscribe to the FreeBSD advisories and security mailing lists listed at the FreeBSD Security Information website.
- Install /usr/ports/ports-mgmt/portaudit and act on its reports when they show that your ports need an update.
8.5.15) Automatic logouts
You must log out idle users after 15 minutes. You do so by adding the following line to your /etc/csh.cshrc:
set -r autologout=15
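An added example, not part of the original HOWTO: a small sh script that checks for the two configuration lines given above under 4.4 and 8.5.15, including whether autologout was set read-only with -r so that a user cannot unset it. The function names are hypothetical, the file paths are passed as arguments, and only the simple `set [-r] autologout=N` form is recognised.

```sh
#!/bin/sh
# Added audit helper (assumption: not from the HOWTO); paths are arguments.

# forwards_all_logs FILE: succeed if an uncommented line sends *.* to @host.
forwards_all_logs() {
    awk '
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        $1 == "*.*" && $2 ~ /^@./ { found = 1 }   # selector *.*, remote action
        END { exit !found }
    ' "$1"
}

# autologout_state FILE: print "<minutes> <ro|rw>" for the last
# "set [-r] autologout=N" line, or nothing if the variable is never set.
autologout_state() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "set" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^autologout=[0-9]+$/) {
                    split($i, kv, "=")
                    state = kv[2] " " ($2 == "-r" ? "ro" : "rw")
                }
        }
        END { if (state != "") print state }
    ' "$1"
}

# check_autologout FILE [MAX]: succeed only if the timeout is 1..MAX minutes
# (default 15, as required above) and the variable is read-only.
check_autologout() {
    max=${2:-15}
    set -- $(autologout_state "$1")
    [ $# -eq 2 ] || { echo "FAIL autologout is not set"; return 1; }
    [ "$1" -ge 1 ] && [ "$1" -le "$max" ] || { echo "FAIL autologout=$1 is outside 1..$max minutes"; return 1; }
    [ "$2" = ro ] || { echo "FAIL autologout=$1 is not read-only (use set -r)"; return 1; }
    echo "OK   autologout=$1, read-only"
}

# audit SYSLOG_CONF CSHRC: run both checks; non-zero status if either fails.
audit() {
    rc=0
    if forwards_all_logs "$1"; then echo "OK   $1 forwards *.* to a remote host"
    else echo "FAIL $1 has no active '*.* @host' line"; rc=1; fi
    check_autologout "$2" || rc=1
    return $rc
}

# Runs only when the two file paths are given on the command line.
if [ $# -eq 2 ]; then audit "$1" "$2"; fi
```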
11.4) Intrusion detection
Install an intrusion detection/prevention system from the FreeBSD Ports:
Port name | Directory |
---|---|
bsmtrace | /usr/ports/security/bsmtrace |
Snort | /usr/ports/security/snort |