You need to report who has the root passwords and who is in the sudo files, and whether there are any other means of becoming root. Powerbroker or other tools including Tivoli, puppet etc are included. If you can run a puppet script as root, you’re root. Sent from my iPad
On Apr 17, 2020, at 11:56 AM, John Malloy <jomalloy@gmail.com> wrote:
What is the best way to provide proof to an audit person who needs to know all the root/sudo users for a RHEL 6 server?
(I am new at this company, and don't have access to all their resources)
We can provide the /etc/passwd & /etc/sudoers file (the auditor may not know how to read these files)
We also have the RedHat Identity Management running here, but I am not familiar with this tool.
Any suggestions would be appreciated.
Thanks!
John Malloy jomalloy@gmail.com _______________________________________________ bblisa mailing list bblisa@bblisa.org http://www.bblisa.org/mailman/listinfo/bblisa