From the many sudoer files on a Unix operating system, I am trying to retrieve the users that have full root permissions via a User_Alias and/or Cmnd_Alias. To get the result, I currently have 3 different queries where one result is fed into a text search for the following query.
Is there a way to “stitch” a result from one query to another? The challenge is that there could be multiple results for each query but in this example there is only 1. I have a .sh script that can give me the results but I don’t want to have to execute a fixlet just to write the results to a log file and have an Analysis read it.
In this example, a Cmnd_Alias exists called ADM_CMD that has full root permission to ksh. A User_Alias called BISADM exists tied to the Cmnd_Alias. Then individual users are given access to that User_Alias.
Important lines from the sudoer file(s):
```
Cmnd_Alias ADM_CMD=/bin/ksh
BISADM ALL=NOPASSWD:ADM_CMD
User_Alias BISADM=user1,user2,user3
```
Q: `(if it contains "%09" then following text of first "%09" of it else if it contains " " then following text of first " " of it else it) of preceding text of first "=" of (lines whose (it as lowercase starts with "cmnd_alias" AND (it contains "ALL=(ALL)" or it contains "ALL = (ALL)" or it contains "ALL=(root)" or it contains "ALL = (root)" or it contains "/bin/su" or it contains "/bin/sh" or it contains "/bin/bash" or it contains "/bin/ksh" or it contains "echo" or it contains "cat" or it contains "passwd" or it contains "shadow" or it contains "vi") AND (it does not contain "#" and it does not contain "!visiblepw")) of (files ("/etc/sudoers";"/usr/local/etc/sudoers";"/opt/sfw/etc/sudoers";"/etc/opt/csw/sudoers");(if exists folder "/etc/sudoers.d" whose (exists files of it) then (files of folder "/etc/sudoers.d") else nothing)))`
A: ADM_CMD
T: 9362
===================
Q: `(if it contains "%09" then preceding text of first "%09" of it else if it contains " " then preceding text of first " " of it else it) of lines whose (it as string as lowercase contains "adm_cmd" and it as string as lowercase does not start with "cmnd_alias") of (files ("/etc/sudoers";"/usr/local/etc/sudoers";"/opt/sfw/etc/sudoers";"/etc/opt/csw/sudoers");(if exists folder "/etc/sudoers.d" whose (exists files of it) then (files of folder "/etc/sudoers.d") else nothing))`
A: BISADM
T: 11057
========================
Q: `unique values whose (it != "") of (following text of first "=" of it) of lines whose (it as string as lowercase contains "bisadm" and it as string as lowercase does not contain "adm_cmd") of (files ("/etc/sudoers";"/usr/local/etc/sudoers";"/opt/sfw/etc/sudoers";"/etc/opt/csw/sudoers");(if exists folder "/etc/sudoers.d" whose (exists files of it) then (files of folder "/etc/sudoers.d") else nothing))`
A: user1,user2,user3
T: 11292
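
The three chained lookups described in the post (risky Cmnd_Alias, then the line that grants it, then the User_Alias members), as an added Python example that is not part of the original post and is not BigFix relevance. The sample text, the `RISKY` set and all function names are assumptions made for illustration; it generalizes slightly by also reporting users granted a risky command directly.

```python
import re

# Constructed sample: the post's three sudoers lines plus extra entries (continuation, harmless alias, direct grant).
SAMPLE = """\
Cmnd_Alias ADM_CMD=/bin/ksh
Cmnd_Alias WEB_CMD = /usr/bin/systemctl restart httpd
User_Alias BISADM=user1,user2,user3
User_Alias WEBOPS = alice, \\
                    bob
BISADM ALL=NOPASSWD:ADM_CMD
WEBOPS ALL=(root) WEB_CMD
carol ALL=(ALL) ALL   # direct grant, no alias
"""

RISKY = {"ALL", "/bin/su", "/bin/sh", "/bin/bash", "/bin/ksh"}  # assumption: shells from the post's first query, plus ALL

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if line:
            yield line

def parse_aliases(lines, keyword):
    """Return {alias: [members]} for one alias keyword (one definition per line)."""
    aliases = {}
    for line in lines:
        if line.startswith(keyword):
            name, _, members = line[len(keyword):].partition("=")
            aliases[name.strip()] = [m.strip() for m in members.split(",") if m.strip()]
    return aliases

def root_users(text):
    """Chain the lookups: risky Cmnd_Alias -> who is granted it -> User_Alias members."""
    lines = list(logical_lines(text))
    cmnds = parse_aliases(lines, "Cmnd_Alias")
    users = parse_aliases(lines, "User_Alias")
    risky_aliases = {n for n, cmds in cmnds.items() if any(c.split()[0] in RISKY for c in cmds)}
    found = set()
    for line in lines:
        if re.match(r"(Defaults|\w+_Alias)\b", line) or "=" not in line:
            continue  # only user specifications are of interest here
        left, _, right = line.partition("=")
        grantees = left.rsplit(None, 1)[0].split(",")        # drop the host field
        right = re.sub(r"\([^)]*\)|[A-Z_]+:", " ", right)    # drop Runas spec and tags (NOPASSWD:)
        cmds = [c.split()[0] for c in right.split(",") if c.strip()]
        if any(c in RISKY or c in risky_aliases for c in cmds):
            # Expand a User_Alias to its members; anything else is a plain user name.
            found.update(u for g in grantees for u in users.get(g.strip(), [g.strip()]))
    return sorted(found)
```

The Runas specification is ignored, so a grant to a non-root target user is still reported; for an audit that errs on the side of over-reporting.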