My company has been working hard to maintain PCI compliance. By my company, I mean I have been working hard to maintain my company's PCI compliance.
It used to be easy too. Since we never actually captured or stored credit card information it wasn't too bad, but since we added a new feature a few months ago that actually captures credit card data, even for a split second, we have way more to deal with when it comes to PCI.
One of the things a recent third party audit came up with was the need for file integrity monitoring. The system our auditor recommended was a pricey little bugger called Tripwire. Since my company is still in a fledgling stage, money is not a commodity we have a lot of to spend on expensive software. Thank the sweet baby Jesus for open source right?
Enter in OSSEC, which is an open source host based intrusion detection system that has a file integrity component among other things such as log analysis, policy monitoring, rootkit detection, real-time alerting and active response.
OSSSEC also runs on most operating systems including Linux, Mac OSX, Solaris, HP-UX, AIX and of course Windows.
If you are worried about support, they also provide premium support services through Trend Micro, Inc., the company who backs OSSEC. Otherwise if you are savvy enough, you can just opt in to the users or developers mailing list for free.
For more information on how OSSEC can help you with PCI compliance, check out their link here: (OSSEC PCI/DSS)
Jul 18, 2013
Open Source Alternative To Tripwire For PCI Compliance
10:00 AM
Paul Bauer