Detect modifications of critical system binaries.
PCI-DSS is the payment-card industry's compliance framework. Any system that handles credit card data and transactions from the major credit card companies must be PCI-DSS compliant. Control 11.5 of the PCI-DSS framework states that organizations must "alert personnel to unauthorized modification (including changes, additions, and deletions) of critical system files, configuration files or content files". On Linux, critical system binaries are typically stored in /usr/sbin/. This rule tracks any modifications to this directory.
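As an added illustration (not the rule's own implementation), the following Python sketch shows the three change classes Control 11.5 names: it hashes every regular file in a binary directory into a baseline, then compares a later snapshot and reports changes, additions and deletions. The file names and contents in `demo()` are constructed; `baseline("/usr/sbin")` would take the snapshot on a real host.

```python
"""Added example: minimal file-integrity baseline/compare for a binary
directory such as /usr/sbin/, classifying changes, additions and deletions."""
import hashlib
import tempfile
from pathlib import Path


def baseline(directory):
    """Map each regular file (relative path) under directory to its SHA-256."""
    root = Path(directory)
    snapshot = {}
    for path in sorted(root.rglob("*")):
        # Skip symlinks so a redirected link is not mistaken for the real binary.
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            snapshot[str(path.relative_to(root))] = digest
    return snapshot


def compare(old, new):
    """Diff two snapshots into the three PCI-DSS 11.5 modification classes."""
    return {
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(set(new) - set(old)),
        "deleted": sorted(set(old) - set(new)),
    }


def demo():
    """Run baseline()/compare() on a constructed temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        # Constructed stand-ins for system binaries (not real ELF files).
        (d / "useradd").write_bytes(b"\x7fELF original useradd")
        (d / "sshd").write_bytes(b"\x7fELF original sshd")
        (d / "cron").write_bytes(b"\x7fELF original cron")
        before = baseline(d)
        (d / "sshd").write_bytes(b"\x7fELF altered sshd")         # change
        (d / "unexpected-binary").write_bytes(b"\x7fELF new")     # addition
        (d / "cron").unlink()                                     # deletion
        return compare(before, baseline(d))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline must be stored off the monitored host (or signed), since an attacker who can alter /usr/sbin/ can otherwise rewrite the baseline too, and the comparison should run on a schedule or from an inotify/fanotify trigger rather than on demand.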