Re: PCI / AV / Linux DB Servers

You may also check if PCI auditors would accept command line AV' that run on a scheduled basis (not in real-time).

Regards
Dimitre

On 04/02/2014 10:23, Justin Mungal wrote:
> AV on a properly secured Linux DB server, that is on a secured
> network, is not something I would suggest. But, there are some
> customers that want to run it. Sophos AV has not caused any major
> problems as long as all of the Oracle data directories are excluded
> from real-time scanning. As far as benefits, they seem quite
> questionable to me.
>
>
> On Fri, Jan 31, 2014 at 11:05 AM, Uzzell, Stephan <SUzzell_at_micros.com
> <mailto:SUzzell_at_micros.com>> wrote:
>
> Hi all,
>
> We're in a bit of an uncomfortable spot here... We're basically a
> Windows shop, our DB servers have internet access, and therefore
> our DB servers have AV software installed. We have periodically
> had to disable or even remove it on some of our larger database
> clusters as we have seen slow interconnect traffic with it enabled
> (Symantec Endpoint, mostly version 12 by this point). As soon as
> we remove Endpoint, interconnect ping times go back to where they
> should be and we move on.
>
> We've just started a process of converting to Linux -- supposedly
> we'll have all 240+ databases on 11.2.0.3 on Linux by the end of
> the year. We had somewhat assumed along the way that we would not
> be using AV software on our Linux DB servers: lower risk, fewer
> Linux viruses, &c.
>
> Our PCI auditor doesn't seem to agree. To satisfy his
> requirements, we need some form our AV software installed. Or some
> other form of protection...
>
> So -- I guess my question is: people running production Linux
> environments -- what do you do? How do you protect your servers?
>
> Thanks!
>
> *Stephan Uzzell*
>
>

--
http://www.freelists.org/webpage/oracle-l