Has anyone had experience with this topic? I am trying to convince management that we should be treating these appliances *AS* "black box" appliances, but since they are RedHat Linux, there is interest in modifying things to meet our corporate standards with regards to security.
Ideally there would be a support statement which would satisfy PCI auditors which we could use to get a waiver on these appliances.
Hoping that some other appliance users may have had experience with this in the past? Or perhaps Veritas folks that are on that might have some information regarding this topic?