We are currently working on creating a web report analysis that displays a list of local users and local administrator groups on Linux operating systems. At the moment, we use the following manual commands to retrieve this information:
Local admin groups (Linux): getent group | egrep '^(sudo|wheel|admin):'
For Windows OS, we use:
net user
net localgroup administrators
Could anyone help or provide guidance on how to build a BigFix web report to automatically display this information for both Linux and Windows systems?
I’m not sure if this will work, but for the local accounts see if this works for you.
Linux Local user list
(name of it) of (local users)
For Windows - This should do what you need.
All Administrators Group Members (Single Line)
concatenation ";" of ((if not exists (local group it) then "<missing group " & it & ">" else (if it as lowercase starts with hostname as lowercase & "\" then "." & following text of first "\" of it else if it contains "\" then following text of first "\" of it else it) of (it as string) of sids of members of local group it) of "Administrators")
All Administrators Group Members with Domain (Single Line)
concatenation ";" of ((if not exists (local group it) then "<missing group " & it & ">" else (if it as lowercase starts with hostname as lowercase & "\" then "." & following text of first "\" of it else it) of (it as string) of sids of members of local group it) of "Administrators")
Regarding Linux local admin audits, we have a series of properties that one of my co-workers wrote that we use to collect Linux audit information for web reports to do local admin audits; maybe these will help you.
Sudoers File Contents (Single Line)
concatenation " " of substrings separated by "%09" of ( ( concatenation ";" of ( lines whose ( it does not start with "#" AND it does not start with "Defaults" AND it as trimmed string != "" ) of file "/etc/sudoers" as string ) ) as string )
Sudoers File Contents
( lines whose ( it does not start with "#" AND it does not start with "Defaults" AND it as trimmed string != "" ) of file "/etc/sudoers" as string )
Sudoers.d Files (Single Line)
concatenation "" of substrings separated by "/etc/sudoers.d/" of ( concatenation ";" of ( ( files of folder "/etc/sudoers.d" ) as string ) )
Sudoers.d Files
names of files of folder "/etc/sudoers.d"
Sudoers.d Admins
lines whose ( it does not start with "#" AND it does not start with "Defaults" AND it does not start with "Host_Alias" AND it does not start with "Cmnd_Alias" AND it as trimmed string != "" ) of ( files of folder "/etc/sudoers.d" )
Sudoers.d Host Aliases
lines whose ( it starts with "Host_Alias" ) of ( files of folder "/etc/sudoers.d" )
Sudoers.d Command Aliases
lines whose ( it starts with "Cmnd_Alias" ) of ( files of folder "/etc/sudoers.d" )
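
Added example, not from the thread's posters: a Python cross-check for the sudoers properties above that joins continuation lines and separates grants, alias definitions and include directives, next to an approximation of the "Sudoers.d Admins" prefix rule for comparison. It shows which lines a prefix-only filter misreports when spot-checking an endpoint's results. The function names and the sample content are assumptions constructed for illustration.

```python
import re

ALIAS = re.compile(r"^(User|Runas|Host|Cmnd)_Alias\b")
INCLUDE = re.compile(r"^[#@]include(?:dir)?\s+(\S+)")
UID_SPEC = re.compile(r"^#\d+\s")  # "#1001 ..." is a rule for UID 1001, not a comment
# Constructed sample content, not taken from a real host.
SAMPLE = """# constructed example
Defaults env_reset
Cmnd_Alias SVC = /usr/bin/systemctl restart nginx, \\
                 /usr/bin/systemctl reload nginx
User_Alias OPS = alice, bob
root ALL=(ALL:ALL) ALL
%wheel ALL=(ALL) ALL
OPS ALL = SVC
#includedir /etc/sudoers.d
@include /etc/sudoers.local
#1001 ALL=(ALL) NOPASSWD: ALL
"""

def logical_lines(text):
    """Join backslash-continued lines and collapse runs of whitespace."""
    buf = ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield re.sub(r"\s+", " ", buf + raw).strip()
        buf = ""

def classify(text):
    """Sort logical lines into grants, alias definitions and include targets."""
    out = {"grants": [], "aliases": [], "includes": []}
    for line in logical_lines(text):
        inc = INCLUDE.match(line)
        if inc:
            out["includes"].append(inc.group(1))
        elif not line or line.startswith("Defaults"):
            continue
        elif line.startswith("#") and not UID_SPEC.match(line):
            continue  # ordinary comment
        elif ALIAS.match(line):
            out["aliases"].append(line)
        else:
            out["grants"].append(line)
    return out

def page_filter(text):  # approximates the 'Sudoers.d Admins' prefix rule above
    skip = ("#", "Defaults", "Host_Alias", "Cmnd_Alias")
    return [l for l in text.splitlines() if l.strip() and not l.startswith(skip)]
```

On this sample the prefix rule returns the `User_Alias` definition, the `@include` line and a stray continuation fragment as if they were grants, and drops the `#1001` rule and the `#includedir` directive.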