BLU Discuss list archive
[Discuss] [BBLISA] audit root/sudo users for RHEL 6 server
- Subject: [Discuss] [BBLISA] audit root/sudo users for RHEL 6 server
- From: gaf at gapps.blu.org (Jerry Feldman)
- Date: Fri, 17 Apr 2020 18:26:28 -0400
- In-reply-to: <CAAbKA3UCH-ht+jrUGe_46+xzuvWWxMks1u+NzEWe9-Bq6yYQFg@mail.gmail.com>
- References: <CAM9bQ=g_-ELF5H279ukH2im3hpYQCoj9XnjLQyuQkewLHBVisw@mail.gmail.com> <20200417173905.GS19608@randomstring.org> <CAM9bQ=hKSGOq4eOp74sftMzWGtjp=sFYa21AQPgQ7=Dgphxg5g@mail.gmail.com> <CAAbKA3UCH-ht+jrUGe_46+xzuvWWxMks1u+NzEWe9-Bq6yYQFg@mail.gmail.com>
Also, if I recall from my days at the bank, the auditors were almost hands-on in that they had to be on site when you gave them the info.

--
Jerry Feldman <gaf at gapps.blu.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846

On Fri, Apr 17, 2020, 6:21 PM Bill Ricker <bill.n1vux at gmail.com> wrote:

> On Fri, Apr 17, 2020 at 2:58 PM John Malloy <jomalloy at gmail.com> wrote:
>
> > They just want to know who can login as [root] or sudo
> > These are both Oracle servers and they only have a [root] and Oracle
> > account
> > There's no additional users in the Sudo file
> >
> > > What is the best way to provide proof to an audit person who needs to
> > > know all the root/sudo users for a RHEL 6 server?
> >
> > Some auditors collect their own reports ...
> >
> > > We can provide the /etc/passwd & /etc/sudoers file
> >
> Probably need to provide */etc/group* as well, since sudoers can grant
> privilege on a secondary group membership, typically "*wheel*" (or
> sometimes "*sudoers*").
>
> If you have */etc/sudoers.d/* directory on the server, provide all the
> files under there too ...
> (Not sure if that's even an option on RHEL6, but it's useful with
> deployment tools.)
>
> > > (the auditor may not know how to read these files)
> >
> > If not, you may need a better grade of auditor ...
>
> Zipping up the files should be good enough ... unless they're Windows only
> people trying to audit your Linux servers too.
>
> I see one script to do reporting on Sudoers. (If you have the .d directory
> you have to invoke it per file.)
> I haven't tried it, and frankly, if running this as root you should read
> the code carefully before running any script as Root !!
>
> https://github.com/jeremypruitt/sudoers-report
>
> YMMV.
>
> --
> Bill Ricker
> bill.n1vux at gmail.com
> https://www.linkedin.com/in/n1vux
> _______________________________________________
> Discuss mailing list
> Discuss at lists.blu.org
> http://lists.blu.org/mailman/listinfo/discuss
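
Added example, not part of the original messages and not the sudoers-report script linked in the thread: a small report that cross-references the files named above (/etc/passwd, /etc/group, /etc/sudoers and any /etc/sudoers.d/ files) to list every account that is UID 0 or is named in a sudoers rule, directly or through a group. The sample file contents and all function names are constructed for illustration; it reports who is named in a rule, not which commands the rule allows.

```python
# Constructed sample files, not taken from the servers in the thread.
PASSWD = """root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid-0 account:/root:/bin/bash
oracle:x:500:501:Oracle:/home/oracle:/bin/bash
alice:x:501:10::/home/alice:/bin/bash
"""
GROUP = "root:x:0:\nwheel:x:10:bob\ndba:x:501:\n"
SUDOERS = """Defaults requiretty
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
#includedir /etc/sudoers.d
"""
FILES = {"/etc/sudoers": SUDOERS,
         "/etc/sudoers.d/dba": "%dba ALL=(root) NOPASSWD: /sbin/service\n"}

def rows(text):
    """Split a colon-delimited file (passwd, group) into field lists."""
    return [l.split(":") for l in text.splitlines() if l and not l.startswith("#")]

def uid0_accounts(passwd):
    return sorted(f[0] for f in rows(passwd) if len(f) > 2 and f[2] == "0")

def group_members(name, passwd, group):
    """Members listed in /etc/group plus accounts whose primary GID is this group."""
    members = set()
    for g in rows(group):
        if len(g) >= 4 and g[0] == name:
            members.update(m for m in g[3].split(",") if m)
            members.update(p[0] for p in rows(passwd) if len(p) > 3 and p[3] == g[2])
    return members

def sudoers_principals(text):
    """First word of each rule line. Comments, Defaults, alias definitions and
    include directives are skipped; alias names used in rules are not expanded."""
    lines = text.replace("\\\n", " ").splitlines()  # join continuation lines
    first = [l.split()[0] for l in lines if l.strip()]
    return [w for w in first if not w.startswith(("#", "Defaults", "@include"))
            and not w.endswith("_Alias")]

def root_capable(passwd, group, sudoers_files):
    """Map account -> list of reasons (UID 0, or the sudoers file and entry)."""
    report = {u: ["uid 0"] for u in uid0_accounts(passwd)}
    for path, text in sudoers_files.items():
        for who in sudoers_principals(text):
            users = group_members(who[1:], passwd, group) if who.startswith("%") else [who]
            for user in sorted(users):
                report.setdefault(user, []).append("%s: %s" % (path, who))
    return report

if __name__ == "__main__":
    print(root_capable(PASSWD, GROUP, FILES))
```

In the sample, alice and oracle reach sudo only through their primary GID in /etc/passwd, which a reading of the /etc/group member lists alone would miss.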
- References:
- [Discuss] audit root/sudo users for RHEL 6 server
- From: jomalloy at gmail.com (John Malloy)
- [Discuss] [BBLISA] audit root/sudo users for RHEL 6 server
- From: dsr at randomstring.org (Dan Ritter)
- [Discuss] [BBLISA] audit root/sudo users for RHEL 6 server
- From: jomalloy at gmail.com (John Malloy)
- [Discuss] [BBLISA] audit root/sudo users for RHEL 6 server
- From: bill.n1vux at gmail.com (Bill Ricker)
- [Discuss] audit root/sudo users for RHEL 6 server