#! /usr/bin/perl -w# EDW# Quick little script to rattle through a sudoers file

1. #! /usr/bin/perl -w
2. # EDW
3. # Quick little script to rattle through a sudoers file and make recommendations
4.  
5. if ($^O eq "MSWin32") { print "Windows....really....use *nix\n"; exit; }
6.  
7. $file = "/etc/sudoers";
8. $line="\="x50;
9.  
10. if ($#ARGV != 0) {
11. print "No paramater file supplied......"; sleep (2);
12. print "using ",$file,"\n"; sleep (5);
13. $ARGV[0] = $file;
14. }
15.  
16. open (SUDO, "$ARGV[0]") || die ("Couldnt open $ARGV[0]\n"); @sudo=<SUDO>;
17. system ("clear");
18.  
19. print "\nAnalysis of $ARGV[0] starting.....\n\n";
20. sleep(1); #keep the suspense going....
21. print "$line\nThe Following Issues Have Been Identified:\n$line\n";
22.  
23. $n = 0;
24. foreach (@sudo) {
25. chomp();
26. $n++;
27. next if /^#/;
28. print "[+] ($n) Roots Settings - $_\n" if $_ =~ /root/i;
29. print "[+] ($n) Use of NOPASSWD - $_ \n" if $_ =~ /NOPASSWD/i;
30. print "[+] ($n) USER_ALIAS Defined - $_ \n" if $_ =~ /USER_ALIAS/i;
31. print "[+] ($n) Cmnd_Alias Defined - $_ \n" if $_ =~ /Cmnd_Alias/i;
32. print "[+] ($n) System Groups Defined - $_ \n" if $_ =~ /^\%/i;
33. }
34.  
35. print"$line\nAdvanced Checks (Common/Security Defaults)\n$line\n";
36. @list = ("passprompt","badpass_message","passwd_tries","pssswd_timeout","timestamp_timeout","syslog","logfile","lecture","insults","mail_always","root_sudo");
37.  
38. foreach $item (@list) {
39. @AU=grep(/$item/i, @sudo);
40. if ($#AU eq -1) {
41. print "[+] No $item Defined\n";
42. } else {
43. print "[-] $item Defined:\n\t- @AU";
44. }}
45.  
46. chomp ($d = `date +%H:%M:%S`);
47. print "$line\nFinished at $d - Diolch SLM!\n$line\n";