Also, if I recall from my days at the bank, the auditors were almost hands-on in that they had to be on site when you gave them the info.
--
Jerry Feldman <g...@gapps.blu.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846

On Fri, Apr 17, 2020, 6:21 PM Bill Ricker <bill.n1...@gmail.com> wrote:

> On Fri, Apr 17, 2020 at 2:58 PM John Malloy <jomal...@gmail.com> wrote:
>
> > They just want to know who can login as [root] or sudo
> > These are both Oracle servers and they only have a [root] and Oracle
> > account
> > There’s no additional users in the Sudo file
> >
> > > What is the best way to provide proof to an audit person who needs to
> > > know all the root/sudo users for a RHEL 6 server?
> >
> > Some auditors collect their own reports ...
> >
> > > We can provide the /etc/passwd & /etc/sudoers file
> >
>
> Probably need to provide */etc/group* as well, since sudoers can grant
> privilege on a secondary group membership, typically "*wheel*" (or
> sometimes "*sudoers*").
>
> If you have */etc/sudoers.d/* directory on the server, provide all the
> files under there too ...
> (Not sure if that's even an option on RHEL6, but it's useful with
> deployment tools.)
>
> > > (the auditor may not know how to read these files)
> >
> > If not, you may need a better grade of auditor ...
>
> Zipping up the files should be good enough ... unless they're Windows only
> people trying to audit your Linux servers too.
>
> I see one script to do reporting on Sudoers. (If you have the .d directory
> you have to invoke it per file.)
> I haven't tried it, and frankly, if running this as root you should read
> the code carefully before running any script as Root !!
>
> https://github.com/jeremypruitt/sudoers-report
>
> YMMV.
>
> --
> Bill Ricker
> bill.n1...@gmail.com
> https://www.linkedin.com/in/n1vux
> _______________________________________________
> Discuss mailing list
> Discuss@lists.blu.org
> http://lists.blu.org/mailman/listinfo/discuss
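
One way to turn the files discussed in this thread (/etc/passwd, /etc/group, /etc/sudoers and anything under /etc/sudoers.d/) into a single list of accounts that can reach root. This is an added example, not code from any poster or from the linked sudoers-report project; the function names and the sample accounts (toor, alice, bob) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): who can reach root, from passwd/group/sudoers copies.

uid0_accounts() {  # PASSWD -> account names with UID 0
    awk -F: '$3 == 0 { print $1 }' "$1"
}

group_members() {  # GROUP PASSWD GROUPFILE -> secondary members plus primary-GID accounts
    awk -F: -v g="$1" '
        FILENAME == ARGV[1] {
            if ($1 == g) { gid = $3; n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }
            next
        }
        gid != "" && $4 == gid { print $1 }' "$3" "$2" | sort -u
}

sudo_principals() {  # SUDOERS... -> first field of each user specification
    cat "$@" | awk '
        { while (sub(/\\$/, "") && (getline nxt) > 0) $0 = $0 nxt }  # join continuation lines
        /^[ \t]*#/ || /^[ \t]*$/ { next }                            # comments, #includedir, blanks
        $1 ~ /^Defaults/ || $1 ~ /^(User|Runas|Host|Cmnd)_Alias$/ { next }
        { print $1 }' | sort -u
}

root_access_report() {  # PASSWD GROUPFILE SUDOERS... -> "account reason" lines
    pw=$1; gr=$2; shift 2
    uid0_accounts "$pw" | sed 's/$/ uid0/'
    for p in $(sudo_principals "$@"); do
        case $p in
            %*) group_members "${p#?}" "$pw" "$gr" | awk -v g="${p#?}" '{ print $1, "sudo-via-group:" g }' ;;
            *)  echo "$p sudo-direct" ;;
        esac
    done
}

make_sample() {  # DIR -> constructed sample files, not taken from any real host
    mkdir -p "$1/sudoers.d"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' 'toor:x:0:0::/root:/bin/bash' \
        'oracle:x:500:500::/home/oracle:/bin/bash' 'alice:x:501:10::/home/alice:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:bob' 'oinstall:x:500:' > "$1/group"
    printf '%s\n' 'Defaults requiretty' 'root ALL=(ALL) ALL' '%wheel ALL=(ALL) ALL' > "$1/sudoers"
    printf '%s\n' 'oracle ALL=(root) \' '    /sbin/service' > "$1/sudoers.d/dba"
}

demo=$(mktemp -d)
make_sample "$demo"
root_access_report "$demo/passwd" "$demo/group" "$demo/sudoers" "$demo"/sudoers.d/*
rm -rf "$demo"
```

To use it on a real server, call `root_access_report` with copies of the four inputs instead of the sample directory. Alias names used as principals are printed as-is rather than expanded, and `#uid` entries are skipped along with comments.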