[sudo-users] Audit tool for Sudo

Todd C. Miller Todd.Miller at sudo.ws
Sat Apr 14 10:56:38 MDT 2018


On Fri, 13 Apr 2018 13:40:12 -0000, "Price, Dean" wrote:

> Is anyone aware of any tools that can audit Sudo and provide 
> a report for what users have access to run in Sudo?

Some people use multiple runs of "sudo -l -U user -h host" for this
but that doesn't really scale well as it can take a very long time
when you have a lot of users.

Newer versions of sudo can export a sudoers file in JSON format
which is easier to parse into a report.

In Sudo 1.8.23, this functionality has moved to the new cvtsudoers
utility which can also filter by user and host.  cvtsudoers is not
a reporting utility but it could be used as the basis for one.

 - todd
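
Added example, not part of the original post and not code from the sudo project: a minimal per-user report built from a sudoers JSON export, as the reply suggests. The sample JSON is constructed, and the key names (`User_Specs`, `User_List`, `Host_List`, `Cmnd_Specs`, `Commands`, `runasusers`, `Options`, `authenticate`, `negated`) are assumptions about the layout written by `cvtsudoers -f json`; check them against the output of your sudo version.

```python
import json
from collections import defaultdict

# Constructed sample; key names assume the layout written by `cvtsudoers -f json`.
SAMPLE_JSON = """
{"User_Specs": [
  {"User_List": [{"username": "alice"}, {"usergroup": "wheel"}],
   "Host_List": [{"hostname": "ALL"}],
   "Cmnd_Specs": [
     {"runasusers": [{"username": "root"}],
      "Options": [{"authenticate": false}],
      "Commands": [{"command": "/usr/bin/systemctl restart nginx"}]}]},
  {"User_List": [{"username": "bob"}],
   "Host_List": [{"hostname": "web1"}],
   "Cmnd_Specs": [{"Commands": [{"command": "ALL"}]}]}
]}
"""

def member_str(member):
    """Render one list member, e.g. {"usergroup": "wheel", "negated": true} -> "!usergroup:wheel"."""
    kind, value = next(((k, v) for k, v in member.items() if k != "negated"),
                       ("unknown", "?"))
    return f"{'!' if member.get('negated') else ''}{kind}:{value}"

def build_report(doc):
    """Map each user/group/alias entry to the rules that grant it commands."""
    report = defaultdict(list)
    for spec in doc.get("User_Specs", []):
        hosts = [member_str(h) for h in spec.get("Host_List", [])]
        for cs in spec.get("Cmnd_Specs", []):
            # No runasusers list means the sudoers default run-as user applies.
            runas = [member_str(r) for r in cs.get("runasusers", [])] or ["(default)"]
            # NOPASSWD is assumed to appear as {"authenticate": false} in Options.
            nopasswd = any(o.get("authenticate") is False for o in cs.get("Options", []))
            for cmd in cs.get("Commands", []):
                for who in spec.get("User_List", []):
                    report[member_str(who)].append({
                        "hosts": hosts, "runas": runas,
                        "command": member_str(cmd), "nopasswd": nopasswd})
    return dict(report)

if __name__ == "__main__":
    for who, rules in sorted(build_report(json.loads(SAMPLE_JSON)).items()):
        for r in rules:
            flag = " NOPASSWD" if r["nopasswd"] else ""
            print(f"{who} on {','.join(r['hosts'])} as {','.join(r['runas'])}: {r['command']}{flag}")
```

Groups and aliases are reported by name, not expanded to their members, so a group entry such as `usergroup:wheel` still has to be resolved against the directory to list the people it covers.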

