Achieve PCI DSS compliance with FreeBSD
I - Introduction
This HOWTO provides solutions and ideas on how to achieve PCI DSS compliance on a FreeBSD system towards PCI DSS Standard 3.0.
Please note that this HOWTO is NOT COMPLETE and probably never will. Nevertheless it might be helpful for you anyway as we update this HOWTO on a regular basis.
II - PCI DSS RequirementsNumbers correspond to the PCI DSS standard mentioned above.
2.2.1) One function per serverHave only one function per server. For example if your the is a webserver, only install webserver software, not any databases or FTP servers.
4.4) Centralized LoggingTo have centralized logging, activate remote syslogging in /etc/syslogd.conf:
5.1) Anti-Malware / Anti-VirusInstall one or more malware detection tools from the FreeBSD Ports:
6.1) Time window for security updatesYou must install vendor critical security patches within 30 days.
- Subscribe to the FreeBSD advisories and security mailing lists listed at the FreeBSD Security Information website.
- Install /usr/ports/ports-mgmt/portaudit and take care of the produced logs if your ports need an update.
8.5.15) Automatic logoutsYou must logout idle users after 15 minutes. You do so by adding the following line to your /etc/csh.cshrc:
set -r autologout=15
11.4) Intrusion detection
Install an intrusion detection/prevention system from the FreeBSD Ports: