pci compliance

Ross Cameron ross.cameron at linuxpro.co.za
Mon Jul 28 18:02:41 UTC 2008


On Mon, Jul 28, 2008 at 7:51 PM, kalin m <mail at godfur.com> wrote:

> hi all...
>
> i'm about to submit a freebsd system to be scanned for pci compliance...
>
> is there any particular gotchas with bsd systems that can be detected at
> the time of pci compliance scanning?
> i know they use something like nmap if not nmap itself and i did myself on
> that machine and didn't find anything interesting.
> but one of the consultants that was 'advising' the company i work for said
> "we use similar (as in nmap) approach but it's (much) more intrusive".
> anybody knows what does that mean?
>
> thanks...


The PCI auditing process is a full penetration test.
    It's very thorough and not at all easy to pass.

Get hold of a copy of "The penetration tester's handbook" and make sure u
pass all the tests in the book and u should be ok


More information about the freebsd-questions mailing list