[sudo-workers] auditing of policy evaluated on sudoers

Rohit Bansal banro21 at gmail.com
Fri May 10 07:21:39 MDT 2019


Is there a way to find out which policy and group was evaluated to get a
user capability to sudo?

We have 100+ different groups which give sudo to root and other accounts.
The intention is to audit which group is being used when sudo is run by
100s of users on a regular basis.

I tried running sudo in debug mode. I was hoping to get the egid as the
group to reflect the information. However, I could not find any way to
capture that information from logs.

Any help would be appreciated. If there is a patch which is available to
apply which gets that information, that would also be helpful.


