On Fri, Apr 17, 2020 at 2:58 PM John Malloy <jomal...@gmail.com> wrote:
> They just want to know who can login as [root] or sudo
> These are both Oracle servers and they only have a [root] and Oracle
> account
> There’s no additional users in the Sudo file
>
> > What is the best way to provide proof to an audit person who needs to
> > know all the root/sudo users for a RHEL 6 server?
>

Some auditors collect their own reports ...

> > We can provide the /etc/passwd & /etc/sudoers file

Probably need to provide */etc/group* as well, since sudoers can grant privilege on a secondary group membership, typically "*wheel*" (or sometimes "*sudoers*").

If you have an */etc/sudoers.d/* directory on the server, provide all the files under there too ...
(Not sure if that's even an option on RHEL6, but it's useful with deployment tools.)

> > (the auditor may not know how to read these files)
>

If not, you may need a better grade of auditor ...

Zipping up the files should be good enough ... unless they're Windows only people trying to audit your Linux servers too.

I see one script to do reporting on Sudoers. (If you have the .d directory you have to invoke it per file.)
I haven't tried it, and frankly, if running this as root you should read the code carefully before running any script as Root !!
https://github.com/jeremypruitt/sudoers-report
YMMV.

--
Bill Ricker
bill.n1...@gmail.com
https://www.linkedin.com/in/n1vux
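
One way to turn the files named in the reply above (passwd, group, sudoers and sudoers.d/*) into a short report for an auditor, as an added example that is not part of the original message and is not the linked sudoers-report script. The function names and the sample accounts (toor, dba1) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Works on copies of passwd, group,
# sudoers and sudoers.d/* in one directory, so it needs no root access.

uid0_accounts() {        # $1 = passwd file; field 3 is the UID
    awk -F: '$3 == 0 { print $1 }' "$1"
}
sudoers_rules() {        # $@ = sudoers files; prints lines that are in effect
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk '/\\$/ { sub(/\\$/, ""); buf = buf $0; next }  # join continuations
             { line = buf $0; buf = "" }
             line ~ /^[ \t]*$/ || line ~ /^[ \t]*Defaults/ { next }
             # "#" is a comment, except #include, #includedir and "#uid" users
             line ~ /^[ \t]*#/ && line !~ /^[ \t]*#(includedir|include)[ \t]/ &&
                 line !~ /^[ \t]*#[0-9]/ { next }
             { print line }' "$f"
    done
}
sudo_groups() {          # every %group named in the active lines
    sudoers_rules "$@" | awk '{ while (match($0, /%[A-Za-z_][A-Za-z0-9_-]*/)) {
        print substr($0, RSTART + 1, RLENGTH - 1)
        $0 = substr($0, RSTART + RLENGTH) } }' | sort -u
}
group_members() {        # $1 = group file, $2 = group name, $3 = passwd file
    awk -F: -v g="$2" '
        FILENAME == ARGV[1] && $1 == g { gid = $3; n = split($4, m, ",")
                                         for (i = 1; i <= n; i++) print m[i] }
        FILENAME != ARGV[1] && gid != "" && $4 == gid { print $1 }  # primary GID
    ' "$1" "$3" | sort -u
}
root_access_report() {   # $1 = directory holding the copies (default /etc)
    d="${1:-/etc}"
    echo "UID 0 accounts: $(uid0_accounts "$d/passwd" | tr '\n' ' ')"
    for g in $(sudo_groups "$d/sudoers" "$d"/sudoers.d/*); do
        echo "Group %$g: $(group_members "$d/group" "$g" "$d/passwd" | tr '\n' ' ')"
    done
    echo "Active sudoers lines:"
    sudoers_rules "$d/sudoers" "$d"/sudoers.d/* | sed 's/^/  /'
}
write_sample() {         # constructed sample files for a dry run in $1
    mkdir -p "$1/sudoers.d"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' 'toor:x:0:0::/root:/bin/sh' \
        'oracle:x:500:501::/home/oracle:/bin/bash' 'dba1:x:501:10::/:/bin/sh' > "$1/passwd"
    printf '%s\n' 'wheel:x:10:oracle' 'oinstall:x:501:' > "$1/group"
    printf '%s\n' '# %admin ALL=(ALL) ALL' 'Defaults requiretty' 'root ALL=(ALL) ALL' \
        '%wheel ALL=(ALL) \' '    NOPASSWD: ALL' '#includedir /etc/sudoers.d' > "$1/sudoers"
    printf '%s\n' '#500 ALL=(root) /sbin/service' > "$1/sudoers.d/oracle"
}
if [ $# -gt 0 ]; then root_access_report "$1"; fi
```

sudo itself skips files in an `#includedir` directory whose names end in `~` or contain a dot, so the report can include lines from files that sudo would ignore.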