Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide security standard that was formed with the support of credit card companies to align their security standards.


155 questions
1
vote
0 answers

Which directories get affected by "Linux PCI-DSS patch updates" and "Kernel update"

To achieve PCI-DSS compliance, the company should apply all OS patches on a monthly basis. However, these patches affect the File Integrity Monitoring, for example /etc/bin, /etc/include and many more directories. My question is, how to know which…
cLaS1c
1
vote
1 answer

Upgrade to openssh 8.3 (server) on debian 10 buster

Have a fairly vanilla Debian Buster (10) latest stable. PCI Scan (sysnet/Qualys/worldpay) shows a PCI Compliance = NO vulnerability identified as CVE-2019-16905 https://security-tracker.debian.org/tracker/CVE-2019-16905 It doesn't look like it will…
Chris Go
1
vote
1 answer

SOC2 Compliance and Hardware

Topic is SOC2 compliance relating to server hardware. Simply put, we have a mixed bag of servers that, while perfectly suited to their job, are End of Life and End of Support with the manufacturer. As an example, one of the servers is a Dell…
Jay
0
votes
0 answers

OpenSSH Ubuntu Upgrade

We are currently using an EC2 (AWS) instance with Ubuntu 18.04.3 LTS. We are trying to perform a PCI-compliant procedure and we had an error with OpenSSH being on an old version, so we have decided to update it. I have compiled and installed a newer…
BarNation
0
votes
0 answers

How to ensure client authentication work with 389 server with anonymous bind disabled?

While working on an internal PT for PCI DSS compliance, it flags that the LDAP (389 server, FreeIPA) anonymous bind allows listing user accounts. Many searches are leading to setting up nsslapd-allow-anonymous-access:…
MPN
0
votes
0 answers

PCI Compliance - SSL certificate doesn't match hostname (port 25)

I'm working on an Ubuntu server hosting multiple websites for one company. Trying to get one of the domains to be PCI compliant, but it's failing on port 25 (SMTP) because the SSL certificate hostname doesn't match. Each domain hosted on the server…
BadHorsie
0
votes
1 answer

PCI Scanning Setup for Sonicwall & Windows Server 2012

I am trying to get our network to pass a PCI-compliance scan. Our hardware setup is: WAN -> AT&T modem (in passthrough) -> Sonicwall -> Win Server 2012r2 acting as domain controller / DHCP. After solving some AT&T-related problems, the PCI scan is…
geardan
0
votes
1 answer

Forward Windows 2012 event logs from workgroup host to domain host

Is this possible? I've gone through the following but no events are forwarded. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748890(v=ws.11) I have a DMZ server that I want to forward logs from…
0
votes
1 answer

Disable SHA1 now Firefox won't work

I've been tasked to get our site into PCI compliance by disabling SHA1 on the server. I am accomplishing this by using IIS Crypto 2.0. We decided to also go with just TLS 1.2. The specific problem I am having is when I disable SHA1, all versions of…
scripter78
0
votes
1 answer

Debian Stretch - PCI Compliance issue with OpenSSH version

One of the servers I look after is failing a PCI Compliance ASV scan. The warning being picked up is: The SSH server running on the remote host is affected by an information disclosure vulnerability. According to its banner, the version of OpenSSH…
steve
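The two OpenSSH questions above (the Debian Buster CVE-2019-16905 scan and this Stretch one) share one root cause: Debian and Ubuntu backport security fixes without bumping the upstream version string in the SSH banner, so an ASV scanner that only reads "OpenSSH_7.4p1" reports the upstream CVE. The evidence an ASV accepts is the distribution changelog entry that names the CVE, compared against the package revision the banner advertises. The following script is an added example, not code from either question; the changelog text is constructed in Debian changelog format with placeholder versions and a placeholder CVE id, and it makes no claim about which Debian revision fixed the CVEs in the questions.

```python
"""Check a banner-based ASV finding against the distro changelog.

Added example. Parses `apt changelog openssh-server`-style text, finds the
oldest package version whose entry names a CVE, and compares it with the
Debian/Ubuntu revision carried in the SSH banner.
"""
import re

# Constructed changelog excerpt. Versions and the CVE id are placeholders;
# on a real host run `apt changelog openssh-server` or read
# /usr/share/doc/openssh-server/changelog.Debian.gz instead.
SAMPLE_CHANGELOG = """\
openssh (1:7.4p1-10+deb9u7) stretch-security; urgency=high

  * Backport upstream fix for key parsing issue (CVE-2019-00001).

 -- Maintainer <maint@example.org>  Tue, 01 Oct 2019 10:00:00 +0000

openssh (1:7.4p1-10+deb9u6) stretch-security; urgency=high

  * Unrelated hardening change.

 -- Maintainer <maint@example.org>  Mon, 01 Jul 2019 10:00:00 +0000
"""

# Stanza header: "<package> (<version>) <distribution>; urgency=..."
HEADER_RE = re.compile(
    r"^(?P<pkg>[a-z0-9][a-z0-9.+-]+) \((?P<ver>[^)]+)\) (?P<dist>\S+);", re.M
)


def entries(changelog):
    """Yield (version, body) for each stanza, newest first as in the file."""
    heads = list(HEADER_RE.finditer(changelog))
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(changelog)
        yield h.group("ver"), changelog[h.end():end]


def first_version_mentioning(changelog, cve):
    """Oldest package version whose changelog body names the CVE, or None."""
    found = None
    for ver, body in entries(changelog):  # newest first, so keep the last hit
        if re.search(re.escape(cve) + r"\b", body):
            found = ver
    return found


def debian_revision(version):
    """'1:7.4p1-10+deb9u7' -> '10+deb9u7' (text after the last hyphen)."""
    return version.rsplit("-", 1)[-1]


def revision_from_banner(banner):
    """'SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7' -> '10+deb9u7'.

    Returns None when the banner carries no Debian/Ubuntu suffix, in which
    case the changelog cannot be matched to the running package.
    """
    m = re.search(r"OpenSSH_\S+ (?:Debian|Ubuntu)-(\S+)", banner)
    return m.group(1) if m else None


def cve_fixed_for_banner(banner, changelog, cve):
    """True if the banner's revision is at or after the first entry naming
    the CVE, False if it is older, None if either side cannot be resolved."""
    rev = revision_from_banner(banner)
    fix_ver = first_version_mentioning(changelog, cve)
    if rev is None or fix_ver is None:
        return None
    order = [debian_revision(v) for v, _ in entries(changelog)]  # newest first
    if rev not in order:
        return None
    return order.index(rev) <= order.index(debian_revision(fix_ver))


if __name__ == "__main__":
    cve = "CVE-2019-00001"  # placeholder id used by the constructed sample
    for banner in ("SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7",
                   "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6",
                   "SSH-2.0-OpenSSH_7.4p1"):
        print(banner, "->", cve_fixed_for_banner(banner, SAMPLE_CHANGELOG, cve))
```

The banner can be captured with `nc -v host 22` (the server sends it before any client data); the installed version comes from `dpkg-query -W -f='${Version}\n' openssh-server`. Position in the changelog is used for ordering here because the file is written newest first; it avoids reimplementing dpkg's version comparison, at the cost of returning None for a revision the changelog does not list.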
0
votes
2 answers

Allowing remote access to a security camera DVR, while not leaving ports open to the public

I have a friend who runs a small business and needs to maintain PCI compliance. He also wants to allow remote access to his security camera DVR which is on the network, but doing so would break his PCI compliance because it would open up a port (80,…
0
votes
1 answer

PCI Scan failing at TCP Source Port Pass Firewall testing

I'm trying to get a PCI scan to PASS for my website; the scan is failing at this step. The host responded 4 times to 4 TCP SYN probes sent to destination port 20 using source port 80. However, it did not respond at all to 4 TCP SYN probes sent to the same…
Augustin
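The asymmetry the scanner reports in the question above (answers to SYNs from source port 80, silence for SYNs from any other source port, both aimed at the same closed destination port) is the signature of a packet filter that admits "return traffic" by source port instead of by connection state. The following is an added example, not part of the question: it models a weak policy (the equivalent of an iptables rule such as `-p tcp --sport 80 -j ACCEPT` ahead of the default DROP) next to a stateful one, and replays the scanner's probe pattern against both. The probe packets and the service port are constructed.

```python
"""Model of the ASV 'TCP Source Port Pass Firewall' check.

Added example. Two host filter policies are replayed against the scanner's
probe set: 4 SYNs to a closed port from source port 80 and 4 from an
ephemeral source port. The check passes only when both sets get the same
treatment.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    sport: int
    dport: int
    syn: bool
    ack: bool


SERVICE_PORTS = {443}   # constructed: the only port taking new connections
EPHEMERAL = 51234       # constructed ephemeral source port for the second set

# Constructed probe set mirroring the scanner's description.
PROBES = ([Packet("203.0.113.9", 80, 20, True, False)] * 4
          + [Packet("203.0.113.9", EPHEMERAL, 20, True, False)] * 4)


def weak_policy(pkt, established=frozenset()):
    """Admits 'replies' by source port (the classic pre-conntrack mistake).

    Any packet whose source port looks like a service we might have talked
    to is accepted, whether or not we ever opened that connection.
    """
    if pkt.dport in SERVICE_PORTS:
        return "ACCEPT"
    if pkt.sport in (20, 53, 80, 443):
        return "ACCEPT"
    return "DROP"


def stateful_policy(pkt, established=frozenset()):
    """Admits replies by connection state only (conntrack ESTABLISHED).

    `established` holds (remote_ip, remote_port, local_port) tuples for
    connections this host itself opened; source port is never trusted.
    """
    if pkt.dport in SERVICE_PORTS and pkt.syn and not pkt.ack:
        return "ACCEPT"
    if (pkt.src_ip, pkt.sport, pkt.dport) in established:
        return "ACCEPT"
    return "DROP"


def scan_result(policy, established=frozenset()):
    """Return (responses to sport-80 probes, responses to ephemeral probes).

    An accepted SYN to a closed port still draws a RST from the stack, so
    ACCEPT counts as 'host responded' from the scanner's side.
    """
    counts = {}
    for p in PROBES:
        if policy(p, established) == "ACCEPT":
            counts[p.sport] = counts.get(p.sport, 0) + 1
    return counts.get(80, 0), counts.get(EPHEMERAL, 0)


def passes_source_port_check(policy, established=frozenset()):
    """The ASV check passes when source port makes no difference."""
    a, b = scan_result(policy, established)
    return a == b


if __name__ == "__main__":
    print("weak     :", scan_result(weak_policy))       # (4, 0) -> FAIL
    print("stateful :", scan_result(stateful_policy))   # (0, 0) -> PASS
    # A genuine reply to a connection the host opened still gets through:
    est = frozenset({("203.0.113.9", 80, EPHEMERAL)})
    reply = Packet("203.0.113.9", 80, EPHEMERAL, True, True)
    print("reply    :", stateful_policy(reply, est))    # ACCEPT
```

On a Linux host the fix is to drop any `--sport` accept rules and admit replies with `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` (or the nftables `ct state established,related accept` equivalent); on an appliance, the same logic applies to any "allow by source port" exception in the WAN ruleset.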
0
votes
1 answer

XSS Vulnerability with PCI RapidComply

I have a website hosted on an Apache Tomcat 7 server that uses the Authorize.net gateway and merchant services to handle payment. I recently ran a required PCI Compliance test against my website, and it failed due to a Reflected…
Bob .
0
votes
2 answers

NGINX, SSL Certificates and PCI-DSS 3.1

We are going to have to pass a PCI 3.1 audit for the web application we're currently developing. It's on Amazon EC2 running NGINX under Debian. We're in contact with Symantec for certificates and we're particularly interested in the Secure Site Pro…
JasonGenX
0
votes
1 answer

Can't access https web service from web server - Schannel fatal alert: 40

About a month ago our code to access a web service started failing, and gives an error relating to SSL connection: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. at…
johna