The following commands need to be added to the sudo configuration file on Red Hat Linux servers:
/usr/bin/id
/usr/bin/groups
/bin/ls /var/spool/cron
/bin/cat /var/spool/cron/root
/bin/cat /boot/grub/grub.conf
/bin/cat /etc/grub.conf
/sbin/fdisk -l
/bin/cat /etc/lilo.conf
/usr/sbin/repquota -av
/bin/cat /etc/sysctl.conf
/sbin/sysctl -A
/bin/cat /proc/sys/net/ipv4/*
/bin/cat /proc/sys/net/ipv4/conf/*
/bin/cat /etc/securetty
/bin/cat /etc/passwd
/bin/cat /etc/shadow
/usr/sbin/pwck -r
/usr/sbin/grpck -r
/bin/cat /etc/at.allow
/bin/cat /etc/at.deny
/bin/cat {path_to_sudoers_file}
/bin/cat /var/log/secure
/bin/cat {path_to_sudolog}
/bin/cat {path_to_sshd_config_file}

The following commands need to be added to the sudo configuration file on SUSE Linux servers:
/bin/cat /var/spool/at/*
/bin/cat /var/spool/cron/*
/bin/cat ***SECURELOGSUDO
/bin/cat ***SSHDCONFIG
/bin/cat ***SUDOERSPATH
/bin/cat /etc/at.allow
/bin/cat /etc/at.deny
/bin/cat /etc/grub.conf
/bin/cat /etc/lilo.conf
/bin/cat /etc/passwd
/bin/cat /etc/securetty
/bin/cat /etc/shadow
/bin/cat /etc/sysctl.conf
/bin/cat /var/spool/cron/root
/bin/ls /var/spool/cron
/sbin/fdisk -l
/sbin/sysctl -A
/usr/bin/groups
/usr/bin/id
/usr/sbin/grpck -r
/usr/sbin/repquota -av
/bin/cat {path_to_sudoers_file}
/bin/cat {path_to_sudolog}
/bin/cat {path_to_sshd_config_file}

The following commands need to be added to the sudo configuration file on Solaris servers:
/usr/bin/id
/usr/bin/groups
/bin/cat /var/spool/cron/crontabs/root
/usr/sbin/prtvtoc /dev/rdsk/*s0
/usr/platform/`/sbin/uname -i`/sbin/prtdiag -v
/bin/kbd -t
/bin/cat /etc/defaultrouter
/bin/wc -l /etc/shadow
/bin/cat /usr/aset/asetenv
/usr/sbin/ndd -get /dev/ip ip_strict_dst_multihoming
/usr/sbin/ndd -get /dev/ip ip_forwarding
/usr/sbin/ndd -get /dev/ip ip_forward_src_routed
/usr/sbin/ndd -get /dev/ip ip_enable_group_ifs
/usr/sbin/ndd -get /dev/ip ip_forward_directed_broadcasts
/usr/sbin/ndd -get /dev/ip ip_respond_to_echo_broadcast
/usr/sbin/ndd -get /dev/ip ip_icmp_err_interval
/usr/sbin/ndd -get /dev/ip ip6_forward_src_routed
/usr/sbin/ndd -get /dev/ip ip6_forwarding
/usr/sbin/ndd -get /dev/ip ip6_respond_to_echo_broadcast
/usr/sbin/ndd -get /dev/ip ip_path_mtu_discovery
/usr/sbin/ndd -get /dev/ip ip_ire_pathmtu_interval
/usr/sbin/ndd -get /dev/ip ip_respond_to_address_mask_broadcast
/usr/sbin/ndd -get /dev/ip ip_send_redirects
/usr/sbin/ndd -get /dev/ip ip_ignore_redirect
/usr/sbin/ndd -get /dev/ip ip_respond_to_timestamp
/usr/sbin/ndd -get /dev/ip ip_respond_to_timestamp_broadcast
/usr/sbin/ndd -get /dev/ip ip_strict_dst_multihoming
/usr/sbin/ndd -get /dev/ip ip_enable_group_ifs
/bin/cat /etc/hostname.*
/bin/cat /etc/shadow
/usr/sbin/quota -v
/bin/cat {path_to_sudoers_file}
/bin/cat {path_to_sudolog}
/bin/cat {path_to_sshd_config_file}

The following commands need to be added to the sudo configuration file on AIX servers:
/usr/bin/id
/usr/bin/groups
/usr/bin/bootlist -m normal -o
/usr/bin/bootlist -m service -o
/usr/bin/bootlist -m prevboot -o
/usr/sbin/bootinfo -t
/usr/sbin/bootinfo -k
/usr/sbin/bosdebug -L
/usr/sbin/bootinfo -z
/usr/bin/ls -l /usr/adm/log/syslog.log
/usr/bin/ls -l /var/spool/cron/crontabs/*
/usr/bin/ls -l /var/spool/cron/atjobs/*
/usr/bin/ls -l /var/adm/cron/*
/bin/grep /var/spool/cron/crontabs/*
/bin/grep /var/spool/cron/atjobs/*
/bin/grep /var/adm/cron/*
/usr/bin/cat /etc/bootparams
/usr/sbin/bootinfo -b
/usr/bin/cat /etc/inittab
/usr/sbin/bootinfo -p
/usr/sbin/bootinfo -y
/usr/bin/showmount -a
/etc/route -n get default
/usr/bin/cat /etc/ppp/lcp_config
/usr/bin/cat /etc/ppp/if_conf
/usr/bin/cat /etc/namedb/named.conf
/usr/sbin/xntpdc -c peers
/usr/bin/cat /var/yp/aliases
/usr/lib/nis/nisstat
/bin/grep getty /etc/inittab
/usr/bin/cat /etc/ftpusers
/usr/bin/cat /etc/ftpgroups
/usr/sbin/grpck
/usr/sbin/pwdck
/usr/bin/cat /etc/security/login.cfg
/bin/cat /etc/shadow
/bin/cat /etc/security/passwd
/bin/cat /etc/security/user
/bin/cat {path_to_sudoers_file}
/bin/cat {path_to_sudolog}
/bin/cat {path_to_sshd_config_file}

The following commands need to be added to the sudo configuration file on HP-UX servers:
/usr/bin/id
/usr/bin/groups
/usr/bin/at -l
/usr/bin/cat /etc/hosts.equiv
/usr/bin/cat /etc/named.boot
/usr/bin/cat /.rhosts
/usr/sbin/lvlnboot -v
/usr/sbin/dmesg
/usr/bin/adb -k /stand/vmunix /dev/mem
/usr/sbin/ioscan -k
/usr/sbin/swapinfo
/usr/bin/cat /etc/exports
/usr/sbin/exportfs -v
/usr/sbin/diskinfo -v /dev/*
/usr/contrib/bin/nettune -l
/bin/ndd -get /dev/rawip rawip_bsd_compat
/bin/ndd -get /dev/rawip rawip_wroff_extra
/usr/lib/nis/nisstat
/usr/bin/cat /var/yp/aliases
/usr/bin/find /var/yp/binding/*/ypservers -print -exec /bin/cat \{\} \;
/usr/bin/rpcinfo -s
/usr/bin/rpcinfo -p
/bin/ls -l /var/nis/NIS_COLD_START
/usr/bin/find /etc/default -type f -print -exec /usr/bin/cat \{\} \;
/usr/bin/cat /etc/ftpd/ftpusers
/usr/bin/cat /etc/ftpd/ftpgroups
/usr/bin/cat /etc/securetty
/usr/bin/cat /etc/hosts.allow
/usr/bin/cat /etc/hosts.deny
/usr/bin/wc -l /etc/shadow
/bin/cat {path_to_sudoers_file}
/bin/cat /var/log/secure
/bin/cat {path_to_sudolog}
/bin/cat {path_to_sshd_config_file}

The following format is expected to be used for command insertion:
{user_name} {auditor_host} = (root) {command}
where
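
The insertion format applied to entries from the lists on this page, as an added example that is not part of the original page. The names `auditor` and `audithost` are assumed values for {user_name} and {auditor_host}; entries containing backticks (sudoers performs no command substitution), unresolved {path_to_...} placeholders, or wildcards in arguments (which in sudoers also match `/` and spaces) are emitted as comments for review instead of as rules.

```shell
#!/bin/sh
# Added example (not from the original page): render audit commands in the
# "{user_name} {auditor_host} = (root) {command}" format, holding back risky ones.

# review_entry CMD -> prints "ok" or a space-separated list of findings.
review_entry() {
    cmd=$1 flags=""
    case $cmd in /*) ;; *) flags="$flags not-absolute" ;; esac
    # sudoers never runs shell command substitution; a backtick path is literal.
    case $cmd in *'`'*) flags="$flags backtick" ;; esac
    # Template values from the page that must be replaced per host.
    case $cmd in *'{path_to_'*) flags="$flags placeholder" ;; esac
    # In sudoers, '*' and '?' in the argument part also match '/' and spaces.
    case $cmd in *' '*) args=${cmd#* } ;; *) args="" ;; esac
    case $args in *[*?]*) flags="$flags arg-wildcard" ;; esac
    flags=${flags# }
    echo "${flags:-ok}"
}

# render_policy USER HOST < command-list
# Clean entries become sudoers lines; flagged ones are emitted as comments.
render_policy() {
    user=$1 host=$2
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(review_entry "$line")
        if [ "$verdict" = ok ]; then
            printf '%s %s = (root) %s\n' "$user" "$host" "$line"
        else
            printf '# REVIEW [%s]: %s\n' "$verdict" "$line"
        fi
    done
}

# Constructed sample: six entries copied from the lists on this page.
sample_commands() {
    cat <<'EOF'
/usr/bin/id
/sbin/fdisk -l
/bin/cat /var/spool/cron/*
/usr/platform/`/sbin/uname -i`/sbin/prtdiag -v
/bin/cat {path_to_sudoers_file}
/usr/sbin/ndd -get /dev/ip ip_forwarding
EOF
}

# "auditor" and "audithost" are hypothetical {user_name}/{auditor_host} values.
# Check the generated file before installing it: visudo -c -f <file>
sample_commands | render_policy auditor audithost
```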