July 17, 2021

Recommendations for tools that parse sudoers configs and auditd for compliance checks

Looking for tools that parse all the sudoers config files and auditd rules/configuration to gain better insight into the security of a system. The idea is to use the tool to aid in the compliance checks of a system. It would be great if the tool could help check against certain policies, but even organizing the data into digestible formats would help greatly. Using sudoers configs as an example, where it’s possible to have a pretty complex setup spread across multiple files, it would be nice if the tool could condense it down to, let’s say, “these are all the admins in the systems, and here is what each one is allowed to do.”

I tried my hand at writing such a tool, but it feels like I’m re-inventing the wheel trying to write an EBNF format parser, and I probably misinterpreted some rules and missed some edge cases. I intend to use the output of the tool to fit into a custom test framework like Lynis.
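
A sketch of the kind of condensing described above, added here as an example and not the poster's tool: it flattens a simplified subset of sudoers syntax (alias expansion, line continuations, single-host user specs, NOPASSWD/PASSWD tags) into one rule list per principal. The function names and sample file contents are constructed for illustration; Defaults, include directives, host lists, `#uid` principals and colon-separated multi-specs are assumed absent and are not handled.

```python
import re

# Constructed sample: text of two sudoers files, as if already read from disk.
SAMPLE_FILES = [
    "Defaults env_reset\nUser_Alias ADMINS = alice, bob\n"
    "root ALL=(ALL:ALL) ALL\nADMINS ALL=(ALL) ALL\n",
    "# ops team\nCmnd_Alias SVC = /usr/bin/systemctl restart nginx, \\\n"
    "    /usr/bin/journalctl\n%ops web01=(root) NOPASSWD: SVC\n"
    "carol ALL=/usr/bin/less /var/log/syslog\n",
]

ALIAS = re.compile(r"^(?:User|Cmnd|Host|Runas)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC = re.compile(r"^([^=]+?)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")  # e.g. "NOPASSWD: "; digests like sha256: do not match

def split_list(text):
    """Split a comma list, leaving backslash-escaped commas alone."""
    return [p.strip() for p in re.split(r"(?<!\\),", text) if p.strip()]

def logical_lines(files):
    """Join continuation lines; drop blanks, comments, Defaults and includes."""
    for text in files:
        for line in re.sub(r"\\\n\s*", "", text).splitlines():
            line = line.strip()
            if line and not line.startswith(("#", "@include", "Defaults")):
                yield line

def expand(name, aliases):
    """Recursively replace an alias name with its members."""
    members = aliases.get(name)
    return [name] if members is None else [m for i in members for m in expand(i, aliases)]

def summarize(files):
    """Return {principal: [(host, runas, command, nopasswd), ...]}."""
    lines = list(logical_lines(files))
    # First pass collects aliases so that use-before-definition still expands.
    aliases = {m[1]: split_list(m[2]) for m in map(ALIAS.match, lines) if m}
    rules = {}
    for who, host, runas, cmds in (m.groups() for m in map(SPEC.match, lines)
                                   if m and not ALIAS.match(m.string)):
        nopasswd = False  # a tag applies to the commands that follow it in the list
        for cmd in split_list(cmds):
            while (tag := TAG.match(cmd)):  # strip tags, tracking only NOPASSWD/PASSWD
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag[1], nopasswd)
                cmd = cmd[tag.end():]
            for user in (u for w in split_list(who) for u in expand(w, aliases)):
                for c in expand(cmd, aliases):
                    # sudoers runs commands as root when no Runas_Spec is given
                    rules.setdefault(user, []).append(
                        (host, "root" if runas is None else runas, c, nopasswd))
    return rules
```

For a compliance check, pass in the contents of the main sudoers file and each drop-in file, then test the returned rules against policy, for example flagging any entry where `nopasswd` is true and the command is `ALL`.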
