1
0
-1

Hi, 

Would someone be able to give me a correct example of to add a non root user to sudoers in order to audit_linux.sh successfully?

I've added the following line via visudo "username ALL=(ALL)       NOPASSWD: /tmp/audit_linux.sh*" - this runs from the cli fine as expected but when I run a discovery for a device from the Open-Audit GUI it seems to still run with normal privileges. 

Thanks
Scott 

    CommentAdd your comment...

    2 answers

    1.  
      1
      0
      -1

      You will also need to allow the user to run whoami using sudo. The reason being that when we test for working credentials during discovery, we use "sudo whoami" to test if the user has sudo access. That would be why the script works locally, but not when running discovery.

       

      Add whoami to the list of allowed command sin sudoers and I think it'll work as intended.

      1. Scott Jackson

        Hi Marc, I tried your suggestion but it seems to still be not working. It looks like no attempt is made to run audit_linux.sh using sudo. I'm unsure of whether it is just a case of not detecting it properly or some other issue so I will log a support ticket with some more info on it to assist trouble shooting. Thanks Scott

      CommentAdd your comment...
    2.  
      1
      0
      -1

      Is this ubuntu? For CentOS I copy the file to /etc/cron.daily/ and a quick "chmod 755 /etc/cron.daily/audit_linux.sh" sets it to run every day just after 3am. Set and forget, avoid sudo completely. Wish I could get it to work for Ubuntu

      1. Scott Jackson

        Hi, thanks for the suggestion but that's not viable for the setup we wish to utilise as we're as we wish to operate using scheduled discoveries not using any root accounts. The OS is CentOS & Redhat

      2. Phil

        We use a scheduled audit, it happens every day. We login as root once when we set the system up, this works great. Sorry you can't utilize this simple solution

      CommentAdd your comment...