Looking for tools that parse all the sudoers config files and auditd rules/configuration to gain better insight into the security of a system. The idea is to use the tool to aid in the compliance checks of a system. It would be great if the tool could help check against certain policies, but even organizing the data into digestible formats would help greatly. Using sudoers configs as an example, where it’s possible to have a pretty complex setup spread across multiple files, it would be nice if the tool could condense it down to, let's say, “these are all the admins in the systems, and here is what each one is allowed to do.”
I tried my hand at writing such a tool, but it feels like I’m re-inventing the wheel trying to write an EBNF format parser, and I probably misinterpreted some rules and missed some edge cases. I intend to use the output of the tool to fit into a custom test framework like Lynis.
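To make the "who can do what" condensation concrete, here is an added example (not part of the original post, and not taken from any existing tool) that flattens a subset of sudoers syntax into per-principal entries. The names `summarize`, `split_list` and `SAMPLE` are hypothetical; it assumes the files are already concatenated and does not handle nested aliases, several host specs joined by `:`, inline comments or `#uid` users.

```python
import re

# Constructed sample: a main sudoers file plus one drop-in, already concatenated.
SAMPLE = r"""
# /etc/sudoers (constructed)
Defaults env_reset
User_Alias ADMINS = alice, bob
Cmnd_Alias SERVICES = /usr/bin/systemctl restart nginx, \
                      /usr/bin/systemctl status *
ADMINS ALL = (ALL) ALL
%backup, carol ALL = (root) NOPASSWD: /usr/bin/rsync, PASSWD: SERVICES
# /etc/sudoers.d/deploy (constructed)
deploy web01 = (www-data, root) NOPASSWD: /opt/deploy/run.sh
"""

ITEM = re.compile(r"\s*(?:\(([^)]*)\))?\s*((?:[A-Z_]+:\s*)*)(.*)")

def split_list(s):
    # Split on commas that are not inside a (runas) list.
    return [p.strip() for p in re.split(r",(?![^()]*\))", s) if p.strip()]

def summarize(text):
    """Return {principal: [(hosts, runas, sorted_tags, command), ...]}."""
    aliases, specs, out = {"User": {}, "Cmnd": {}}, [], {}
    for line in re.sub(r"\\\n", " ", text).splitlines():  # join continuations
        line = line.strip()
        if not line or line[0] in "#@" or line.startswith("Defaults"):
            continue  # comments, include directives, Defaults (subset assumption)
        m = re.match(r"(\w+)_Alias\s+(\w+)\s*=\s*(.*)", line)
        if m:  # aliases may be defined after use, so collect them first
            if m.group(1) in aliases:
                aliases[m.group(1)][m.group(2)] = split_list(m.group(3))
            continue
        lhs, rhs = line.split("=", 1)
        users, hosts = re.sub(r"\s*,\s*", ",", lhs.strip()).split(None, 1)
        specs.append((users.split(","), hosts, rhs))
    for users, hosts, rhs in specs:
        runas, tags = "root", {}  # root is the default runas user
        for item in split_list(rhs):
            r, t, cmd = ITEM.match(item).groups()
            runas = r.strip() if r is not None else runas  # runas carries forward
            for tag in re.findall(r"[A-Z_]+", t):
                tags[re.sub(r"^NO", "", tag)] = tag  # e.g. PASSWD replaces NOPASSWD
            for c in aliases["Cmnd"].get(cmd, [cmd]):
                for u in (x for n in users for x in aliases["User"].get(n, [n])):
                    out.setdefault(u, []).append((hosts, runas, sorted(tags.values()), c))
    return out
```

For the full grammar, sudo ships `cvtsudoers`, whose `-f json` output can be consumed instead of parsing the files by hand.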