users logs

Marti, Rob RJM002 at shsu.edu
Tue Jun 9 21:55:04 UTC 2009


Yeah, the developers sometimes have to troubleshoot code on production systems (we try to split dev and prod but are not always successful).  We're working on a better split, but it's not just CC numbers... socials in the database, etc.

Bash auditing is pretty win.

Rob Marti

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of mark
Sent: Tuesday, June 09, 2009 4:51 PM
To: General Red Hat Linux discussion list
Subject: Re: users logs

Marti, Rob wrote:
> If you're using RHEL5 you can enable bash auditing.  I don't think the same
> solution exists for RHEL4 (yet?).
> 
> As far as why, I've been requested to set it up for PCI compliance (since
> developers have access to credit card numbers, etc. without going through
> sudo) but all my CC handling servers are RHEL4 so... :-/

Oh.

I came off a contract the end of April at a company that's both a root CA, and
does managed security for PCI/CSS, so I have a clue what you're dealing with.

One question: the *developers* have access to numbers, and not test numbers? I
believe that you can request card numbers with info explicitly for development
and testing. All the rest should be encrypted everywhere where it's not inside
a secure subnet, and they'd prefer then, as well, if I understand it correctly.

	mark
