
PCI Compliance for Linux Dashboards

The Sumo Logic PCI Compliance for Linux App provides dashboards and sample queries to meet requirements around account and system monitoring, login activity, and privileged user activity.


PCI Compliance for Linux - Account, User, System Monitoring

Meets Requirements 02, 07, 08 and 10 by monitoring user accounts and services.


  • User Account Created. See when new user accounts were created, how, and by whom.

  • User Account Deleted. See when existing user accounts were deleted, and by whom.

  • Stopped Services. List of services stopped, who stopped them, and the time they were stopped.

  • Running Services (Daemons). List of services currently running, their hosts, and the latest and earliest times they ran.

  • Active Services Over Time. Services’ activity for the last 24 hours as a line chart.

  • Unique Services Running. List of unique services running by host and the times they ran.

  • System Stopped. List of times systems were stopped over the last 24 hours with message text.

  • System Time Change Attempt. Displays an aggregation table of the time change attempts over the last 24 hours.

  • Unique Services. The number of unique services that ran in the last 24 hours as a pie chart.

  • Excessive Failed Access Attempts. Displays an aggregation table of the most recent excessive failed access attempts.

PCI Compliance for Linux - Login Activity

Meets Requirements 02 and 10 by tracking login activity.


  • Failed Logins. Total number of unsuccessful logins for the last 24 hours.

  • Failed Logins. Aggregation table detailing unsuccessful logins for the last 24 hours.

  • Successful Logins. Total number of successful logins for the current time period.

  • Successful Logins. Aggregation table detailing successful logins for the last 24 hours.

  • Default Logins (root user-failure). Number of super-user logins that failed and the error message issued at that failure.

  • Default Logins (root user-success). Number of successful super-user logins.

PCI Compliance for Linux - Privileged Activity

Meets Requirement 10. See who is making requests to run as a privileged user and where those requests are occurring.


  • Sudo Attempts. Count of total attempts at running as a privileged user (sudo) made by users over the last 24 hours.

  • Failed sudo. Count of total failed attempts at running as a privileged user (sudo) over the last 24 hours.

  • Top 10 sudo by User. Most frequent attempts at running as a privileged user (sudo) for a role, broken down by destination, user attempting to be sudo, and total number of attempts at sudo.

  • Top 10 sudo by Host. Most frequent attempts at running as a privileged user (sudo) by host.

  • Sudo Attempts Over Time. Trend of the number of attempts at running as a privileged user (sudo) over the last 24 hours.

  • Recent sudo Attempts. Aggregation table of the time, host location, source, user, and directory location of attempts to run as a privileged user (sudo).