PCI "10.5.5 Verify the use of file integrity monitoring or change detection software for logs by examining system settings and monitored files and results from monitoring activities" and "11.5 Verify the use of file-integrity monitoring products within the cardholder data environment by observing system settings and monitored files, as well as reviewing results from monitoring activities. Examples of files that should be monitored: System executables, Application executables, configuration and parameter files, centrally stored, historical or archived, log and audit files."
These requirements are causing us some grief because everyone has a different opinion as to what should be monitored and how.
The files are on Linux with CentOS.
Can you please tell me how you are satisfying this requirement? Are you using any special software, custom scripts, etc.? Which directories and/or files are you monitoring?
Any recommendations or suggestions you can offer would be greatly appreciated.
Thanks again, Experts!