[sudo-users] Audit tool for Sudo
Todd C. Miller
Todd.Miller at sudo.ws
Sat Apr 14 10:56:38 MDT 2018
On Fri, 13 Apr 2018 13:40:12 -0000, "Price, Dean" wrote:
> Is anyone aware of any tools that can audit Sudo and provide
> a report for what users have access to run in Sudo?
Some people use multiple runs of "sudo -l -U user -h host" for this
but that doesn't really scale well as it can take a very long time
when you have a lot of users.
Newer versions of sudo can export a sudoers file in JSON format
which is easier to parse into a report.
In Sudo 1.8.23, this functionality has moved to the new cvtsudoers
utility which can also filter by user and host. cvtsudoers is not
a reporting utility but it could be used as the basis for one.
More information about the sudo-users