IT Audits
khilari
Regular Advisor

IT Audits

Hi guys, I am doing an IT audit right now and am asked to show the following:
1) /etc/sudoers
2) List of users having full sudo access to all commands.
3) Run the following commands:
a) #find/ -name root -perm -4000 -print
b) #find/ -name -perm -2000 -print
c) #find/ -name root -perm -4000 | sum>today


I am wondering, though, what this find command is doing. When I run it I don't get any output; what does that mean?
Thanks
3 REPLIES
Stephan.
Honored Contributor

Re: IT Audits

Hi khilari,
No output means you are on the safe side ;-)

Wild Guess, it is a SAP Audit?

http://www.auditnet.org/docs/SAP_AP2.doc

"11. Perform a find command to identify all suid and sgid programs that are owned by root. Using
this output sum the result to compare from one day to the next to track differences. The diff
command can be used to identify any changes that have occurred."



Pete Randall
Outstanding Contributor

Re: IT Audits

If those find commands are correct, I'm not surprised that you didn't get any output. The first is looking for files named "root" with permissions of 4000 (assuming there is a space in between "find" and "/" when you actually run it). The second one is looking for files named "-perm" with permission of 2000 (with the same assumption). And the third is once again looking for files named "root".


Pete
OldSchool
Honored Contributor

Re: IT Audits

Yep... taken right out of the audit manual... which is probably wrong.

It's far more likely they want "-user root", instead of "-name root".

Of course, you could skip the name / user bit and just look for the perms. You should be able to justify anything found. And you could "-o" the conditions so that you don't have to make 3 passes as shown.

Of course, you could just provide them *exactly* what they asked for... I'd be tempted to do the latter.
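Putting the replies together, here is an added example (not from any of the posters) that does the audit step the way OldSchool describes it: `-user root` instead of `-name root`, both permission tests in one `find` pass joined with `-o`, and a stored daily list that is diffed against the previous run, which is what the quoted audit text is after. The function names and the snapshot directory are my own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed names: list_privileged,
# snapshot_and_diff, SNAP_DIR (where daily lists are kept).

SNAP_DIR="${SNAP_DIR:-/var/tmp/suid-audit}"   # assumed snapshot location

# List setuid and setgid regular files under directory $1 owned by $2
# (default root). One pass instead of three: the two -perm tests are
# joined with -o. Note the space after "find" and -user rather than
# -name, the two things the audit manual's command line gets wrong.
list_privileged() {
    root="$1"
    owner="${2:-root}"
    find "$root" -type f -user "$owner" \
        \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Write today's list into $3 (default SNAP_DIR) and diff it against the
# list from the previous run. Returns 0 when nothing changed (or there
# is no previous list yet) and 1 when the set of privileged files moved.
snapshot_and_diff() {
    root="$1"
    owner="${2:-root}"
    dir="${3:-$SNAP_DIR}"
    mkdir -p "$dir"
    today="$dir/$(date +%Y%m%d).lst"
    prev="$dir/previous.lst"
    list_privileged "$root" "$owner" > "$today"
    rc=0
    if [ -f "$prev" ]; then
        # diff prints the added (>) and removed (<) entries for the auditor
        if ! diff "$prev" "$today"; then
            rc=1
        fi
    fi
    cp "$today" "$prev"
    return "$rc"
}
```

Run `snapshot_and_diff /` daily from cron; a non-zero exit flags a change in the setuid/setgid inventory to be justified.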