https://me.harvester.fr/tags/bash-scripting/Bash ScriptingHugoBlox Kit (https://hugoblox.com)en-usTue, 21 May 2024 00:00:00 +0000https://me.harvester.fr/media/icon_hu_59c72f5082cfcb9b.pnghttps://me.harvester.fr/tags/bash-scripting/https://me.harvester.fr/project/sudo-check/Tue, 21 May 2024 00:00:00 +0000https://me.harvester.fr/project/sudo-check/<p><strong>sudo-check</strong> is a lightweight security auditing utility designed to analyze Linux <code>/etc/sudoers</code> files and <code>/etc/sudoers.d/</code> directories. It helps security engineers and system administrators quickly identify misconfigurations, overly permissive rules, and potential privilege escalation pathways.</p> <p>By scanning for common policy weaknesses, this tool provides actionable insights to tighten system access controls.</p> <h3 id="key-auditing-features">Key Auditing Features</h3> <ul> <li><strong>Rule Analysis:</strong> Identifies <code>NOPASSWD</code> directives and wildcard user specifications that could allow unauthorized root access.</li> <li><strong>Directive Validation:</strong> Verifies the presence of key security directives such as <code>env_reset</code>, <code>secure_path</code>, and <code>use_pty</code>.</li> <li><strong>Permission Checks:</strong> Validates the file permissions and ownership of critical configuration files to prevent unauthorized editing.</li> <li><strong>Alias Resolution:</strong> Parsers user, run-as, and command aliases to audit complex, nested rule structures.</li> </ul>