Thanks for your response. Here is what our central sudoers file looks like. I am looking for a script that can parse this central sudoers file and report which users have "sudo to root" privilege on which servers. I know we can easily identify this by looking at the file, but the audit team requires an automated process/script that can provide them this information on a daily basis.
# User_Alias definitions: named, comma-separated lists of login names. The rules
# further down use these names in the user position.
# NOTE(review): the sudoers manual restricts alias names to uppercase letters,
# digits and underscores. Mixed-case names such as UA_Unixteam were presumably
# changed when the file was anonymised for posting; run `visudo -c` on the real
# file to confirm, because a parser must tell aliases apart from plain names.
# UA_Unixteam lists root itself plus four other accounts; it is the alias used by
# the rule that grants the CA_Unixteam commands (`su -`) on HA_Unixteam.
User_Alias UA_Unixteam = root,abc,xyz,def,sys
# "test" and "user" are members of both UA_informix and UA_caesar, so a per-user
# report has to merge what each alias grants them.
User_Alias UA_informix = informix,test,user
User_Alias UA_caesar = caesar,test,user
User_Alias UA_tsm = tsmuser,testuser,client
User_Alias UA_pwi = pwi,pwiuser
# Cmnd_Alias definitions: named lists of commands, separated by commas. A trailing
# backslash continues the definition on the next line, so a parser has to join
# continued lines before splitting on commas.
# CA_dcops: the asinst_1 opmnctl entry on the first line is repeated on the
# fifth line of this alias. The duplicate does not change what is granted.
Cmnd_Alias CA_dcops = /oracle/product/weblogic1036/asinst_1/bin/opmnctl status,\
/oracle/etc/bin/iasctl healthcheck,\
/oracle/product/10.1.2/opmn/bin/opmnctl status,\
/oracle/product/weblogic1036/Oracle_FRHome1/opmn/bin/opmnctl status,\
/oracle/product/weblogic1036/asinst_1/bin/opmnctl status,\
/oracle/etc/bin/mon_xinit.sh, /usr/bin/enq
# CA_ops: nine jobsys scripts (six under comreg, three under outsrc). CA_oracle
# below holds the same nine entries.
Cmnd_Alias CA_ops = /oracle/app/comreg/product/1.0.0/bin/jobsys.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_daemon.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_dispatcher.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_scheduler.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_reports.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_apache.sh,\
/oracle/app/outsrc/product/1.0.0/bin/jobsys_daemon_out.sh,\
/oracle/app/outsrc/product/1.0.0/bin/jobsys_scheduler_out.sh,\
/oracle/app/outsrc/product/1.0.0/bin/jobsys_dispatcher_out.sh
# CA_oraftp: only the six comreg scripts; the three outsrc scripts are not listed.
Cmnd_Alias CA_oraftp = /oracle/app/comreg/product/1.0.0/bin/jobsys.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_daemon.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_dispatcher.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_scheduler.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_reports.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_apache.sh
# CA_oracle: same nine entries as CA_ops.
Cmnd_Alias CA_oracle = /oracle/app/comreg/product/1.0.0/bin/jobsys.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_daemon.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_dispatcher.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_scheduler.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_reports.sh,\
/oracle/app/comreg/product/1.0.0/bin/jobsys_apache.sh,\
/oracle/app/outsrc/product/1.0.0/bin/jobsys_daemon_out.sh,\
/oracle/app/outsrc/product/1.0.0/bin/jobsys_scheduler_out.sh,\
/oracle/app/outsrc/product/1.0.0/bin/jobsys_dispatcher_out.sh
# CA_Unixteam and CA_Temproot are identical: `su -` and `su - root` from both
# /usr/bin and /bin. Run as root these open a root login shell, so any rule that
# references either alias is a "sudo to root" grant for the audit report.
Cmnd_Alias CA_Unixteam = /usr/bin/su -, /usr/bin/su - root, /bin/su -, /bin/su - root
Cmnd_Alias CA_Temproot = /usr/bin/su -, /usr/bin/su - root, /bin/su -, /bin/su - root
# The `su - <account>` entries below name one target account each. Per the sudoers
# manual, when an entry lists arguments the invocation must match them, so these
# allow switching to that account only, not to root.
# /usr/sbin/strload, /usr/bin/dsmadmc, /usr/bin/enq and prtq_script.pl have no
# `su` in front of them and run directly as whatever run-as user the rule allows.
Cmnd_Alias CA_informix = /usr/bin/su - informix, /usr/sbin/strload
Cmnd_Alias CA_caesar = /usr/bin/su - caesar
Cmnd_Alias CA_tsm = /usr/bin/dsmadmc
# NOTE(review): prtq_script.pl lives under /usr/local/scripts; check that the file
# and its directory are writable only by root, since the comreg rule has no
# run-as list and the script therefore runs as root.
Cmnd_Alias CA_comreg = /usr/local/scripts/prtq_script.pl, /usr/bin/enq
Cmnd_Alias CA_pwi = /usr/bin/su - pwi, /usr/bin/su - httpd, /usr/bin/su - ops
# Host_Alias definitions: named lists of hosts, used in the host position of the
# rules below. To report "which users on which servers", a parser expands each
# alias to its member hosts.
# HA_Unixteam is the built-in ALL, so a rule using it applies on every host that
# receives this central file.
Host_Alias HA_Unixteam = ALL
# Every remaining alias lists the same six hosts: server1, server2, test1, test2,
# prdserver1, prdserver2.
Host_Alias HA_dcops = server1,server2,test1,test2,prdserver1,prdserver2
Host_Alias HA_ops = server1,server2,test1,test2,prdserver1,prdserver2
Host_Alias HA_oraftp = server1,server2,test1,test2,prdserver1,prdserver2
Host_Alias HA_oracle = server1,server2,test1,test2,prdserver1,prdserver2
Host_Alias HA_informix = server1,server2,test1,test2,prdserver1,prdserver2
Host_Alias HA_caesar = server1,server2,test1,test2,prdserver1,prdserver2
Host_Alias HA_tsm = server1,server2,test1,test2,prdserver1,prdserver2
Host_Alias HA_comreg = server1,server2,test1,test2,prdserver1,prdserver2
Host_Alias HA_pwi = server1,server2,test1,test2,prdserver1,prdserver2
# User specifications, in the form:  <user> <hosts> = (<run-as>) <tag>: <commands>
# Every rule here carries NOPASSWD:, so sudo does not ask for the caller's
# password before running the listed commands.
# NOTE(review): for a daily report, `sudo -l -U <user>` on a host prints that
# user's effective grants. Where the installed sudo ships cvtsudoers, it can
# convert a sudoers file to JSON or CSV, which avoids a hand-written parser.
#
# Root shell on all hosts: members of UA_Unixteam may run `su -` / `su - root`.
UA_Unixteam HA_Unixteam = (ALL) NOPASSWD: CA_Unixteam
# The next four rules have an explicit run-as user (oraias or oracle), so the
# commands run as that service account rather than as root.
# dcops, ops, oraftp, oracle and comreg have no User_Alias in this file; they are
# plain login names, and a parser must accept both forms in the user position.
dcops HA_dcops = (oraias) NOPASSWD: CA_dcops
ops HA_ops = (oracle) NOPASSWD: CA_ops
oraftp HA_oraftp = (oracle) NOPASSWD: CA_oraftp
oracle HA_oracle = (oracle) NOPASSWD: CA_oracle
# The remaining rules have no run-as list. Per the sudoers manual the commands
# then run as root (assuming no Defaults line outside this excerpt changes that).
# Whether these count as "sudo to root" depends on the command alias: the
# `su - <account>` entries end in that account's shell, while strload, dsmadmc,
# enq and prtq_script.pl execute as root themselves.
UA_informix HA_informix = NOPASSWD: CA_informix
UA_caesar HA_caesar = NOPASSWD: CA_caesar
UA_tsm HA_tsm = NOPASSWD: CA_tsm
comreg HA_comreg = NOPASSWD: CA_comreg
UA_pwi HA_pwi = NOPASSWD: CA_pwi
###Temproot users ################################################################################
# Each user below gets a Host_Alias of their own (all four list the same six
# hosts) and a rule granting CA_Temproot with (ALL) NOPASSWD. CA_Temproot holds
# `su -` and `su - root`, so each of these is a password-less root login shell on
# those hosts and belongs in the "sudo to root" report.
# NOTE(review): nothing in these lines expires the grant; "Temproot" suggests the
# entries are removed by hand. Confirm the removal process, and have the daily
# report list these users so stale entries are noticed.
Host_Alias HA_user1 = server1,server2,test1,test2,prdserver1,prdserver2
user1 HA_user1 = (ALL) NOPASSWD: CA_Temproot
Host_Alias HA_user2 = server1,server2,test1,test2,prdserver1,prdserver2
user2 HA_user2 = (ALL) NOPASSWD: CA_Temproot
Host_Alias HA_user3 = server1,server2,test1,test2,prdserver1,prdserver2
user3 HA_user3 = (ALL) NOPASSWD: CA_Temproot
Host_Alias HA_user4 = server1,server2,test1,test2,prdserver1,prdserver2
user4 HA_user4 = (ALL) NOPASSWD: CA_Temproot