PCI and Your Linux Systems

  • Team Omega
  • September 27, 2011

Since Microsoft Windows systems seem to be the main target of breaches these days, it is easy to overlook very basic security settings on the Linux systems that may be in use in your organization.  Most Linux systems sit on the very same LAN segment as the rest of your Windows and other critical systems.  Even if your Linux systems don’t hold cardholder data, an attacker who can log into one of your Linux systems typically has a wealth of system utilities at their disposal once inside, which can be used to penetrate further into your network and the other computers on it.

One of the first steps you will want to take to prevent a breach originating from a Linux system is to replace the default password-aging settings for the accounts in use on your Linux systems.  This can be easily accomplished using the “chage” command at the bash shell.

For example, as the root user (or through the sudo command) use:
chage -M 90 account
to set the maximum password age to 90 days for a user account, requiring that they change their password every 90 days as mandated by PCI.
Review possible break-in attempts by listing past failed logins with:
faillog -a
and lock out accounts for 1 hour after 6 invalid attempts, per the PCI requirement, with:
faillog -m 6 -l 3600
Note that these limits are stored in /var/log/faillog and are only enforced when the pam_tally module is part of the login PAM stack on your distribution, so verify that it is configured.
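Before running chage across a fleet it helps to know which accounts are actually out of policy. The following script is an added example, not code from the original post: it reads /etc/shadow-format lines (field 5 is the maximum password age in days) from standard input, reports accounts whose maximum age is unset or longer than the limit given, and prints the corresponding chage commands. The sample data, the account names and the function names are constructed for illustration; on a real system you would feed it the output of `sudo cat /etc/shadow`.

```shell
#!/bin/sh
# Added example (not from the original post): audit password aging in
# /etc/shadow-format data against the 90-day maximum the post cites.
# Field layout: login:hash:lastchange:min:max:warn:inactive:expire:

# Constructed sample in /etc/shadow format; hashes replaced with placeholders.
SAMPLE_SHADOW='root:$6$PLACEHOLDER:15000:0:99999:7:::
alice:$6$PLACEHOLDER:15200:0:90:7:::
bob:$6$PLACEHOLDER:15100:0::7:::
svc_backup:*:15100:0:99999:7:::
carol:!:15100:0:45:7:::'

# Print the login names whose maximum password age (field 5) is empty or
# greater than MAX_DAYS. Shadow-format lines are read from stdin.
# Accounts with no usable password hash ("*" or a "!" prefix) are skipped,
# because they cannot authenticate with a password at all.
noncompliant_accounts() {
    max_days="$1"
    awk -F: -v max="$max_days" '
        $2 == "*" || $2 ~ /^!/ { next }         # locked or passwordless: skip
        $5 == "" || $5 + 0 > max + 0 { print $1 }
    '
}

# Emit one chage command per non-compliant account, setting field 5 to MAX_DAYS.
# Output is meant for review first, then execution as root (or via sudo).
remediation_commands() {
    max_days="$1"
    noncompliant_accounts "$max_days" | while read -r user; do
        printf 'chage -M %s %s\n' "$max_days" "$user"
    done
}

# Usage: audit the constructed sample; on a live host replace the printf with
#   sudo cat /etc/shadow | remediation_commands 90
printf '%s\n' "$SAMPLE_SHADOW" | remediation_commands 90
```

With the sample above the audit reports root (99999 days) and bob (no maximum set); alice is already at 90 days, and the two locked accounts are ignored.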

See the man pages on your specific Linux systems for more details and for alternative or additional security features.  Simple steps such as those above can go a long way towards securing your Linux systems, and consequently your whole network, from future attacks.