Linux and Malware
PCI DSS section 5.1 describes the need for an anti-virus solution. This subject is definitely controversial among Linux administrators (AV on Linux, you have got to be kidding me), as viruses on Linux-based systems are rare. Still, the platform is not fully immune to other forms of malware and the threats related to them. So depending on the particular goal of a system, one or more of the following tools can be a good fit.
Open Source Tools
- Generic: ClamAV
- E-mail: ClamAV
- PHP: LMD
- Rootkit detection: chkrootkit, rkhunter
Shell
The shell is definitely one of the most commonly used components for Linux administrators. As with personal preferences, there are multiple shells available for Linux systems. The first step is to ensure that all shells are accounted for: determine which ones are installed and, via /etc/shells, which ones are allowed.
Session Timeout in Linux shells
Depending on the shells available on the system, a timeout should be configured with the appropriate value. PCI section 8.1.8 (session idle timeout) mandates that an idle session is terminated after 15 minutes, or 900 seconds.
One of the files in which to arrange this is /etc/profile. By using typeset together with the TMOUT variable, we can set this idle session time, which results in the user being logged out automatically. The -r flag marks the variable read-only, so a user cannot simply unset or raise it in an interactive session. Note that TMOUT is honoured by bash and ksh; other shells listed in /etc/shells need their own equivalent setting.
typeset -r TMOUT=900
Inactive accounts
Unused or inactive accounts on the system are an unneeded security risk. Such accounts usually exist because there was a one-time need to log in, or they were simply forgotten after an employee left the company. PCI describes in section 8.1.4 that accounts which are older than 90 days and unused should be removed.
To determine the last time a user logged in, the last command can be used. The information is stored in /var/log/wtmp or in rotated files like /var/log/wtmp.1.
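As an added example (not code from the original article), the check below reads wtmp records directly instead of parsing the output of last, and lists the accounts that have not logged in for more than 90 days, including accounts that never appear in wtmp at all. It assumes the glibc utmp record layout on x86_64 Linux; the sample records and the reference time are constructed.

```python
import struct
import time

# Added example, not from the original article. Assumes the glibc utmp record
# layout on x86_64 Linux (384 bytes per entry); other arches or libcs may differ.
UTMP_FMT = "<hxxi32s4s32s256shhiii16s20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)     # 384
USER_PROCESS, DEAD_PROCESS = 7, 8         # ut_type values: login vs. logout record
MAX_IDLE_SECONDS = 90 * 24 * 3600         # PCI DSS 8.1.4 threshold

def last_logins(wtmp_bytes):
    """Map each user to the epoch time of their most recent login in raw wtmp data."""
    latest = {}
    for off in range(0, len(wtmp_bytes) - UTMP_SIZE + 1, UTMP_SIZE):
        (ut_type, _pid, _line, _id, user, _host,
         _term, _exit, _sess, tv_sec, _usec, _addr) = struct.unpack_from(UTMP_FMT, wtmp_bytes, off)
        if ut_type != USER_PROCESS:        # skip reboots, logouts and runlevel changes
            continue
        name = user.split(b"\0", 1)[0].decode(errors="replace")
        latest[name] = max(latest.get(name, 0), tv_sec)
    return latest

def inactive_accounts(wtmp_bytes, users, now):
    """Users with no login in the last 90 days, including those never seen in wtmp."""
    latest = last_logins(wtmp_bytes)
    return sorted(u for u in users if now - latest.get(u, 0) > MAX_IDLE_SECONDS)

def make_record(user, tv_sec, ut_type=USER_PROCESS):
    """Build one constructed wtmp record; only used for the sample data below."""
    return struct.pack(UTMP_FMT, ut_type, 1234, b"pts/0", b"ts/0", user.encode(),
                       b"10.0.0.5", 0, 0, 0, tv_sec, 0, b"")

# Constructed sample: a fixed reference time and four accounts taken from /etc/passwd.
NOW = 1700000000
DAY = 24 * 3600
SAMPLE_WTMP = (make_record("alice", NOW - 3 * DAY)
               + make_record("bob", NOW - 120 * DAY)
               + make_record("bob", NOW - 95 * DAY)                   # newest login, still > 90 days
               + make_record("carol", NOW - 10 * DAY, DEAD_PROCESS))  # a logout only, not a login
SAMPLE_USERS = ["alice", "bob", "carol", "dave"]                      # dave never appears in wtmp

if __name__ == "__main__":
    logins = last_logins(SAMPLE_WTMP)
    for user in inactive_accounts(SAMPLE_WTMP, SAMPLE_USERS, NOW):
        seen = logins.get(user)
        print(user, "last login", time.strftime("%Y-%m-%d", time.gmtime(seen)) if seen else "never")
```

On a real system, feed it the bytes of /var/log/wtmp concatenated with the rotated files (wtmp.1 and older), the interactive users from /etc/passwd, and time.time(); a wtmp that was rotated less than 90 days ago cannot by itself prove an account active.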