PCI DSS compliance

10.2.5 Usage and changes to identification and authentication mechanisms

10.2.5 Identification and authentication

Within the field of intrusion detection, it is important to know which accounts were used, so that an investigation can be carried out properly. This section of PCI DSS wants to know how the root user is used on Linux systems, including the creation, modification and deletion of users.

10.2.5a Logging of identification and authentication mechanisms

There are several great ways to properly log events related to identification and authentication, starting with the basic utmp/wtmp files, through what PAM provides, up to the detailed event logging of auditd.
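
To show what the auditd end of that range gives an investigator, the following added example (not part of the original page) extracts authentication and account-change records from audit log text. The sample records are constructed, and the field layout (`auid`, `acct`, `exe`, `res` inside a `msg='...'` payload) is an assumption that can differ between auditd versions.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in audit.log layout; not taken from a real host.
SAMPLE_LOG = """\
type=USER_AUTH msg=audit(1700000000.101:201): pid=1410 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=failed'
type=ADD_USER msg=audit(1700000060.202:245): pid=1502 uid=0 auid=1000 ses=3 msg='op=add-user acct="svc_backup" exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/0 res=success'
type=USER_CHAUTHTOK msg=audit(1700000120.303:260): pid=1533 uid=0 auid=1000 ses=3 msg='op=PAM:chauthtok acct="svc_backup" exe="/usr/bin/passwd" hostname=? addr=? terminal=pts/0 res=success'
type=DEL_USER msg=audit(1700000180.404:277): pid=1560 uid=0 auid=1000 ses=3 msg='op=delete-user acct="olduser" exe="/usr/sbin/userdel" hostname=? addr=? terminal=pts/0 res=success'
type=SYSCALL msg=audit(1700000200.505:280): arch=c000003e syscall=59 success=yes exit=0 pid=1570 uid=0 auid=1000 ses=3 comm="ls" exe="/usr/bin/ls"
"""

# Audit record types that cover authentication and account changes.
IDENTITY_TYPES = {"USER_AUTH", "USER_CHAUTHTOK", "USER_MGMT",
                  "ADD_USER", "DEL_USER", "ADD_GROUP", "DEL_GROUP"}
UNSET_AUID = "4294967295"  # (uint32)-1: no login session attached to the process

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_identity_events(text):
    """Return one dict per identification/authentication record in text."""
    events = []
    for line in text.splitlines():
        match = HEADER.match(line.strip())
        if not match or match.group(1) not in IDENTITY_TYPES:
            continue  # unrelated record type or malformed line
        rtype, epoch, serial, body = match.groups()
        # User-space records wrap their payload in msg='...'; unwrap it first.
        body = body.replace("msg='", "").rstrip("'")
        fields = {key: value.strip('"') for key, value in FIELD.findall(body)}
        auid = fields.get("auid", UNSET_AUID)
        events.append({
            "time": datetime.fromtimestamp(int(epoch), tz=timezone.utc).isoformat(),
            "serial": int(serial),
            "type": rtype,
            # auid is the login UID: it survives su/sudo, so it names the real actor.
            "actor_auid": None if auid == UNSET_AUID else int(auid),
            "account": fields.get("acct"),
            "exe": fields.get("exe"),
            "success": fields.get("res") == "success",
        })
    return events


if __name__ == "__main__":
    for event in parse_identity_events(SAMPLE_LOG):
        print(event)
```

The `actor_auid` value is what ties a change made as root (`uid=0`) back to the account that originally logged in.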