[Discuss] [BBLISA] audit root/sudo users for RHEL 6 server
Bill Ricker
bill.n1vux at gmail.com
Fri Apr 17 18:20:08 EDT 2020
On Fri, Apr 17, 2020 at 2:58 PM John Malloy <jomalloy at gmail.com> wrote:
> They just want to know who can log in as [root] or sudo
> These are both Oracle servers and they only have a [root] and Oracle
> account
> There are no additional users in the Sudo file
>
>
> > What is the best way to provide proof to an audit person who needs to
> > know all the root/sudo users for a RHEL 6 server?
>
Some auditors collect their own reports ...
> > > We can provide the /etc/passwd & /etc/sudoers file
Probably need to provide */etc/group* as well, since sudoers can grant
privilege on a secondary group membership, typically "*wheel*" (or
sometimes "*sudoers*").
If you have an */etc/sudoers.d/* directory on the server, provide all the
files under there too ...
(Not sure if that's even an option on RHEL6, but it's useful with
deployment tools.)
> > (the auditor may not know how to read these files)
>
If not, you may need a better grade of auditor ...
Zipping up the files should be good enough ... unless they're Windows only
people trying to audit your Linux servers too.
I see one script to do reporting on Sudoers. (If you have the .d directory
you have to invoke it per file.)
I haven't tried it, and frankly, if running this as root you should read
the code carefully before running any script as root!!
https://github.com/jeremypruitt/sudoers-report
YMMV.
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux
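
The points made in the message above (root-equivalent accounts in /etc/passwd, sudoers grants made through a group and resolved via /etc/group, and one pass per file under /etc/sudoers.d/), as an added Python 3 example that is not part of the original message and is not the sudoers-report script. The file contents and all function names are constructed for illustration; aliases, ALL, netgroups and #uid entries are flagged for manual review rather than expanded.

```python
import re
# Constructed sample files (not taken from any real server).
PASSWD = """root:x:0:0:root:/root:/bin/bash
oracle:x:500:500::/home/oracle:/bin/bash
toor:x:0:0::/root:/bin/bash
alice:x:501:10::/home/alice:/bin/bash
"""
GROUP = "root:x:0:\nwheel:x:10:bob\noinstall:x:500:\n"
SUDOERS = """Defaults requiretty
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
ADMINS  ALL=(ALL) NOPASSWD: ALL
"""
SUDOERS_D = ["oracle ALL=(root) /sbin/service\n"]  # one string per sudoers.d file

def fields(text):
    return [l.split(":") for l in text.splitlines() if l.count(":") >= 3]

def uid0_accounts(passwd):
    # Any account with UID 0 is root-equivalent, whatever it is named.
    return sorted(f[0] for f in fields(passwd) if f[2] == "0")

def group_members(name, passwd, group):
    # Secondary members from /etc/group plus users whose primary GID matches.
    members = set()
    for g in fields(group):
        if g[0] == name:
            members.update(u for u in g[3].split(",") if u)
            members.update(p[0] for p in fields(passwd) if p[3] == g[2])
    return members

def sudo_users(sudoers_files, passwd, group):
    # Returns (users, unresolved); unresolved entries need manual review.
    users, unresolved = set(), set()
    skip = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
    for text in sudoers_files:
        for line in map(str.strip, text.replace("\\\n", " ").splitlines()):
            comment = line.startswith("#") and not re.match(r"#\d", line)
            lhs = re.sub(r"\s*,\s*", ",", line.partition("=")[0]).split()
            if comment or line.startswith(skip) or "=" not in line or not lhs:
                continue
            for who in lhs[0].split(","):
                if re.match(r"%[^#:]", who):      # %group: expand to its members
                    users |= group_members(who[1:], passwd, group)
                elif re.fullmatch(r"[a-z_][a-z0-9_.-]*\$?", who):
                    users.add(who)
                else:                             # alias, ALL, +netgroup, #uid
                    unresolved.add(who)
    return sorted(users), sorted(unresolved)
```

Called as `sudo_users([SUDOERS] + SUDOERS_D, PASSWD, GROUP)`, the sample shows `alice` picked up through her primary GID and `bob` through the secondary-member list of `wheel`, which neither /etc/passwd nor /etc/sudoers alone would reveal.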