On Thu, 2012-12-06 at 11:02 -0800, Dennis Peterson wrote:
> Barely on topic but I have a question about RPM's. I'm rolling out an
> enterprise ClamAV solution for PCI compliance and need to use a reliably
> sourced RPM distribution from a third party. I've always done this
> myself but as a contractor that would not be appropriate as I won't be
> there forever. I have no experience with these distributions so wonder
> if there is any kind of consensus on a good vendor. I've seen Dag Weir's
> packages, for example and they seem fine. Best practice says find two
> such reliable (and interchangeable) vendor's products should one or the
> other become non-available.
>
> The platform of interest is RHEL 5.x, 6.x, and the Oracle Linux equivalents.
Add the RPMForge repository. Its mirrored and is reasonably well
documented and is acceptable to mirror locally.
I mirror CentOS v5 and v6 locally and the RPMForge Repositories using
RSYNC daily just before production kicks off in the morning at 6AM ET. I
had to define IP Address i use to mirror from and only for the one
machine.
I also use "clamdownloader.pl" and a local webserver to provide updates
to the rest of the network. Same applies to the source of your
signatures.
The Wiki has good tips on howto setup a local signature morror. Best of
all, if you are only dealing with Linux, this *should* be acceptable by
your QSA.
--
greg folkert - systems administration and support
web: donor.com
email: g...@donor.com
phone: 877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"Life is 10 percent what you make it, and 90 percent how you take it."
-- Irving Berlin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
