[Discuss] [BBLISA] audit root/sudo users for RHEL 6 server

Jerry Feldman gaf at gapps.blu.org
Fri Apr 17 18:26:28 EDT 2020


Also, if I recall from my days at the bank, the auditors were almost
hands-on in that they had to be on site when you gave them the info.

--
Jerry Feldman <gaf at gapps.blu.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846

On Fri, Apr 17, 2020, 6:21 PM Bill Ricker <bill.n1vux at gmail.com> wrote:

> On Fri, Apr 17, 2020 at 2:58 PM John Malloy <jomalloy at gmail.com> wrote:
>
> > They just want to know who can login as [root] or sudo
> > These are both Oracle servers and they only have a [root] and Oracle
> > account
> > There are no additional users in the Sudo file
> >
> >
> > > What is the best way to provide proof to an audit person who needs to
> > > know all the root/sudo users for a RHEL 6 server?
> >
>
> Some auditors collect their own reports ...
>
> > > > We can provide the /etc/passwd & /etc/sudoers file
>
>
> Probably need to provide */etc/group* as well, since sudoers can grant
> privilege on a secondary group membership, typically "*wheel*" (or
> sometimes "*sudoers*").
>
> If you have an */etc/sudoers.d/* directory on the server, provide all the
> files under there too ...
> (Not sure if that's even an option on RHEL6, but it's useful with
> deployment tools.)
>
> > > (the auditor may not know how to read these files)
> >
>
> If not, you may need a better grade of auditor ...
>
> Zipping up the files should be good enough ... unless they're Windows only
> people trying to audit your Linux servers too.
>
> I see one script to do reporting on Sudoers. (If you have the .d directory
> you have to invoke it per file.)
> I haven't tried it, and frankly, if running this as root you should read
> the code carefully before running any script as root!!
>
> https://github.com/jeremypruitt/sudoers-report
>
> YMMV.
>
> --
> Bill Ricker
> bill.n1vux at gmail.com
> https://www.linkedin.com/in/n1vux
>
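
The files named in the quoted reply (/etc/passwd, /etc/group, /etc/sudoers and /etc/sudoers.d/) can be condensed into a short read-only report for an auditor. The script below is an added example, not part of the thread and not the sudoers-report script linked above; the function names, the sample accounts (toor, dba1) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Each function takes a root prefix:
# "" for the live system (run as root), or a directory holding copied files.
# Limitation: aliases and backslash-continued sudoers lines are not expanded.

uid0_accounts() {   # every UID 0 account is root, whatever its name
    awk -F: '$3 == 0 { print $1 }' "$1/etc/passwd"
}

sudoers_rules() {   # active lines as "file<TAB>line"
    # "#include..." directives and "#<uid>" user specs are not comments
    for f in "$1/etc/sudoers" "$1"/etc/sudoers.d/*; do
        [ -f "$f" ] || continue
        awk -v f="${f#"$1"}" \
            '/^[ \t]*#(include|[0-9])/ || !/^[ \t]*(#|$)/ { print f "\t" $0 }' "$f"
    done
}

sudo_groups() {     # group names used as %group at the start of a rule
    sudoers_rules "$1" | awk '$2 ~ /^%[A-Za-z_]/ { print substr($2, 2) }' | sort -u
}

group_members() {   # $2 = group; secondary members plus primary-GID members
    gid=$(awk -F: -v g="$2" '$1 == g { print $3 }' "$1/etc/group")
    {
        awk -F: -v g="$2" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) print m[i] }' "$1/etc/group"
        if [ -n "$gid" ]; then
            awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$1/etc/passwd"
        fi
    } | sort -u
}

report() {
    echo "== UID 0 accounts =="; uid0_accounts "$1"
    echo "== Active sudoers lines =="; sudoers_rules "$1"
    for g in $(sudo_groups "$1"); do
        echo "== Members of sudoers group: $g =="; group_members "$1" "$g"
    done
}

# Constructed sample files so the report can be tried without touching a server.
SAMPLE=$(mktemp -d); mkdir -p "$SAMPLE/etc/sudoers.d"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' 'oracle:x:500:500::/home/oracle:/bin/bash' \
    'toor:x:0:0::/root:/bin/sh' 'dba1:x:501:10::/home/dba1:/bin/bash' > "$SAMPLE/etc/passwd"
printf '%s\n' 'root:x:0:' 'wheel:x:10:oracle' 'oracle:x:500:' > "$SAMPLE/etc/group"
printf '%s\n' '# comment' 'Defaults requiretty' 'root ALL=(ALL) ALL' \
    '%wheel ALL=(ALL) ALL' '#includedir /etc/sudoers.d' > "$SAMPLE/etc/sudoers"
printf '%s\n' 'oracle ALL=(root) NOPASSWD: /sbin/service' > "$SAMPLE/etc/sudoers.d/oracle"
report "$SAMPLE"
```

On the server itself, call `report ""` as root instead of `report "$SAMPLE"`. In the sample, dba1 shows up under wheel only through its primary GID in /etc/passwd, which is why /etc/group alone is not enough evidence.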

