[sudo-users] Parsing the sudoers file
Tim Bradshaw
tfb at tfeb.org
Tue Sep 24 08:21:18 MDT 2013
On 24 Sep 2013, at 14:13, Shawn McMahon wrote:
>
>
> Well, true, but to prepare for an audit you have to solve those problems
> anyway, and to respond to an audit you're going to have a smaller sample of
> servers to validate. You're going to be asked to prove that THOSE SERVERS
> meet your controls, and that makes the problem much more manageable.
>
> Throw in something like Ansible or Puppet, or even just xapply or
> ClusterSSH even, and you're well on your way to making this doable, if not
> simple.
I probably can't explain why this is nonviable without getting myself sacked, but trust me, parsing the sudoers file *even if I had to work for the rest of my life to write the parser* would be cheaper than fixing the infrastructure.
Sorry for wasting bandwidth with this.
More information about the sudo-users
mailing list