I have a client project to implement PCI/DSS compliance.
The PCI/DSS auditor has stipulated that the web server, application
middleware (tomcat), the db server have to be on different systems.
In addition the auditor has also stipulated that there be a NTP
server, a “patch” server,
The Host OS on all of the above nodes will be CentOS 6.2.
Below is a list of things that would be necessary.
1. Digital Certificates for each host on the PCI/DSS segment
2. SELinux on each Linux host in the PCI/DSS network segment
3. Tripwire/AIDE on each Linux host in the PCI/DSS segment
4. OS hardening scripts (e.g. Bastille Linux)
6. IDS (Snort)