HPE Community
Operating System - HP-UX
1756728 Members
2601 Online
108852 Solutions
New Discussion юеВ

IT Audits

 
khilari
Regular Advisor

тАО08-06-2009 05:38 AM

тАО08-06-2009 05:38 AM

IT Audits

Hi Guys, i am doing an IT audit right now and am asked to show the following:
1) /etc/sudoers
2) List of users having full sudo access to all commands.
3) Run the following commands:
a) #find/ -name root -perm -4000 -print
b) #find/ -name -perm -2000 -print
c) #find/ -name root -perm -4000 | sum>today


I am wondering though what this find command is doing. When i run it i dont get any output what does that mean.
Thanks
0 Kudos
Reply
3 REPLIES 3
Stephan.
Honored Contributor

тАО08-06-2009 05:53 AM

тАО08-06-2009 05:53 AM

Re: IT Audits

Hi khilari,
no output means you are on the save side ;-)

Wild Guess, it is a SAP Audit?

http://www.auditnet.org/docs/SAP_AP2.doc

"11. Perform a find command to identify all suid and sgid programs that are owned by root. Using
this output sum the result to compare from one day to the next to track differences. The diff
command can be used to identify any changes that have occurred."



How to assign Points - Kudos - what, where, how, and why
New Forum Locations by ITRC Tree
New Forums Site Map
Want Good Answers? Ask Good Questions...
0 Kudos
Reply
Pete Randall
Outstanding Contributor

тАО08-06-2009 05:56 AM

тАО08-06-2009 05:56 AM

Re: IT Audits

If those find commands are correct, I'm not surprised that you didn't get any output. The first is looking for files named "root" with permissions of 4000 (assuming there is a space in between "find" and "/" when you actually run it). The second one is looking for files name "-perm" with permission of 2000 (with the same assumption). And the third is once again looking for files name "root".


Pete

Pete
0 Kudos
Reply
OldSchool
Honored Contributor

тАО08-06-2009 06:10 AM

тАО08-06-2009 06:10 AM

Re: IT Audits

yep...take right out of the audit manual....which is probably wrong.

It's far more likely they want "-user root", instead of "-name root".

of course, you could skip the name / user bit, and just look for the perms. You should be able to justify anything found. And you could "-o" the conditions so that you don't have to make 3 passes as shown.

of course, you could just provide them *exactly* what they asked for... I'd be tempted to do the later.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.