Wednesday, October 20, 2010

PCI DSS and Red Hat Enterprise Linux (Part #7)

Requirement 8: Assign a unique ID to each person with computer access


Most requirements presented in this chapter concern Linux password policy, which was described in detail by CIS.

Monday, October 11, 2010

PCI DSS and Red Hat Enterprise Linux (Part #6)

Requirement 7. Limit access to system components and cardholder data to only those individuals whose job requires such access

7.2.1 Examine system settings and vendor documentation to confirm that access control systems are in place on all system components

The previous item was about data access control, and this one concerns user access isolation. Let us consider all the widespread mechanisms for restricting user privileges. The examples show commands executed with root privileges, a user named user for whom various permissions will be set, and a user named superadmin who, in spite of the big name, will not have those permissions.