search for: compliance

Displaying 20 results from an estimated 855 matches for "compliance".

2012 Feb 01
Configuration Compliance auditing for many CentOS 5.x boxes
Hi CentOS experts,* Short Version* I would like to produce a weekly report in HTML for each CentOS 5.x server we have indicating configuration compliance with some industry benchmark. I am looking for a tool or tools to implement this, I am happy to use 3rd party proprietary stuff if necessary. * Long(er) Version* Current Situation.. I have a client with many (200x) CentOS 5.x servers deployed in various web, mail, database and file server r...
2006 Oct 16
[Patch] Fix a failure in PCI Compliance Test
The Xen platform device (introduced in changeset 11161) would cause HCT''s PCI Compliance Test to generate a failure message. The patch fixes this. Thanks Dexuan Cui Signed-off-by: Dexuan Cui <> _______________________________________________ Xen-devel mailing list
2012 May 25
PCI/DSS compliance on CentOS
I have a client project to implement PCI/DSS compliance. The PCI/DSS auditor has stipulated that the web server, application middleware (tomcat), the db server have to be on different systems. In addition the auditor has also stipulated that there be a NTP server, a "patch" server, The Host OS on all of the above nodes will be CentOS 6.2...
2012 Feb 16
How to configure PE 2.0 compliance ?
Hi , I want to use PE 2.0 compliance feature , however i am not seeing any data on puppet-dashboard on compliance tab , it says no baseline set , reviewed NA etc..... I have written audit manifests class foo { file {''/etc/resolv.conf'': audit => all, } file {''/et...
2006 Jul 27
How To Test For W3C compliance locally and possibly to include it in to Continuous integraition process
Hi Everyone, As many of you out there I''m "protected" by the firewall which prevents me from checking my code for W3C compliance, I am able to check the production code but i would like to test my code before it goes to production. So if anyone was able to have that check done locally, possibly including some sort of tests in to the integration process, I would truly appreciate knowledge exchange. Sincerely: Gregory Bl...
2006 Apr 15
OpenSSH fips compliance
Hello All, Im using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now that a fips certified OpenSSL is now available at . I like to know of any patches applicable for OpenSSH versions to make it fips compliant. Is there any idea for OpenSSH core team to make OpenSSH as fips compliant? What amount of work it
2012 Mar 21
UPS compliance/certification procedures
Dear Sirs, we currently manufacture/import UPS units in Italy and distribute them all over the country. How can we obtain an official certification to offer our products with full compliance with QNAP, Synology and similar hardware? Looking forward to hearing from you, Best Regards ________________________ Alessandro Gualtieri LAER Accumulatori Srl Via Pio XII, 65/c 20060 - Pozzuolo Martesana MI C.F.-P.IVA: 03882470150 Centralino: 02 95 35 92 58 Diretto: 02 845 72 7...
2008 Sep 30
PKI Compliance Dovecot Server
Hello, I work for an organization that uses a Secure Dovecot server for messaging, and recently we've had to undergo some security screenings for PKI compliance (credit card industry standards). However, the screening returned to us a failure due to the following reason (attributed to our Dovecot server, which runs on port 993 and is the only "open" port on our firewall): Synopsis : The remote service encrypts traffic using a protocol with know...
2016 Sep 22
VPAT for centos 7 - section 508 compliance statement
...S 7 VPAT can be posted? Recommending under FAQ or AdditionalResources -Jason > -----Original Message----- > From: Jason Pyeron [mailto:jpyeron at] > Sent: Friday, October 30, 2015 14:08 > To: 'centos-devel at' > Subject: VPAT for centos 7 - section 508 compliance statement > > I am working on getting Centos 7 approved for use at a > federal agency, RHEL is already approved for use in production. > > One of the blockers I hit is, "Does the vendor provide a VPAT?" > > Does the attached look right? Where should this be posted...
2011 Feb 18
Recommendation for a Good Vulnerability Scanning Service?
Hi, Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification). I got a free scan from and their scan reported a number of "Fail" results. I haven't checked them all yet but most seem to be things for which fixes were backported looong ago by Th...
2007 Apr 14
SAMBA Problem - Users take ownership
...02 Archived Documents for Reg. 1 -rwxrwx---+ 1 AVMAX+RMesheau AVMAX+Domain Admins 64512 Apr 13 12:56 LOG BOOK entry template.xls drwxrws---+ 6 root AVMAX+Domain Admins 4096 Mar 30 16:20 Logpages Monthly Templates Reports etc -rwxrwx---+ 1 AVMAX+ALee AVMAX+Domain Admins 552448 Apr 13 13:16 MOD SB Compliance Status ALEX.xls -r--rwx---+ 1 AVMAX+ALee AVMAX+Domain Admins 552448 Apr 12 13:35 MOD SB Compliance Status.xls drwxrws---+ 2 root AVMAX+Domain Admins 4096 Mar 30 16:09 Monthly Workorder Templates drwxrws---+ 3 root AVMAX+Domain Admins 4096 Apr 3 09:06 SIP + Audit Spreadsheets drwxrws---+ 5 root...
2004 Feb 14
[PATCH] POP3: Fix RFC1939 non-compliance in STAT, LIST and UIDL commands
...<nic at> Bellamy Consulting -- Software & Security -- -- Phone: +64-6-377-4957 Fax: +64-6-377-0505 Mobile: +64-21-251-8954 -- -------------- next part -------------- A non-text attachment was scrubbed... Name: stat-list-uidl-rfc1939-compliance.patch.gz Type: application/x-gzip Size: 1211 bytes Desc: not available URL: <>
2013 Oct 28
Asterisk RFC 3261 Compliance
Hello ALL, Anybody performed ASTERISK Testing for RFC 3261 Compliance? If Yes, Please share Result. Best Regards,Sakharam Thorat. -------------- next part -------------- An HTML attachment was scrubbed... URL: <>
2004 Sep 13
PABX & VOIP Gateway gateway for research & testing purposes. Could anyone please describe a simple setup? Naturally the connection to the gateway would have to be Austel approved. I have seen references to the Netjet ISDN cards? I am having difficulties in finding information with regards to Austel compliance. Has anyone had experiences with such setups? Any help would be much appreciated. Thank you.
2008 Feb 13
Apache RPM's
...all, I love CentOS, but I am seriously regretting selecting Centos 4.4 for my production hosting servers. The current situation with CentOS 4.4 and being stuck at Apache 2.0.52 is a huge problem because of the new requirements for the Credit Card industry PCI scan. Apache 2.0.52 does not pass PCI compliance scans. which means no ecommerce on any of these servers - MAJOR ISSUE. So my question to the community is: when are new Apache RPM's going to be released or at minimum a backported version that plugs these security holes so we can pass PCI scans. Apache 2.0.52 has some major issues that need to...
2011 Jun 28
FIPS 140-2 compliance
I''ve just posted a feature request <> relating to FIPS 140-2 compliance. I''m pointing to it here on the mailing list because I listed there five places where Puppet (nay, Ruby!) crashed while I was testing a deployment using FIPS mode on all hosts. It crashed because it tried to use MD5, and OpenSSL in FIPS mode doesn''t let you do that. When I replace...
2008 Feb 26
[Bug 1443] New: Missing terminating CR in identification string (RFC non-compliance) Summary: Missing terminating CR in identification string (RFC non-compliance) Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All...
2015 Oct 21
Security implications of openssl098e on CentOS 7
Greetings, I'm working with a new CentOS 7 installation, moving a system up from CentOS 5 due to OpenSSL version 0.9.8e not meeting PCI Compliance requirements. However, while setting up the CentOS 7 environment one of the closed source applications is requiring 0.9.8. The software vendor has advised installing package openssl098e from yum; but I'm hesitant to do so from a compliance and security perspective. What are the implicatio...
2006 Jul 19
Recommended testing approaches for new Mongrel handlers?
Okay, I got off my duff this week and have been finishing Mongrel support for IOWA. I now have two handlers that I need to test. One is similar to the Rails handler, passing request handling to IOWA threads in the same process, and the other allows one or more Mongrel processes to pass requests to one or more separate IOWA processes, with session affinity. Is there any set of standard sorts of
2009 Jan 22
Antivirus for CentOS? (yuck!)
Hi All, Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure ( and have to either justify why we don't need to install an anti-virus or find an anti-virus to run on our CentOS 5 servers. Whatever I do - it needs to be convincing enough to make the PCI compliance guy tick the box. So: 1. Ha...