Re: OS account report
Chris Cox wrote:
> On Sun, 2008-03-16 at 21:41 -0700, mom wrote:
>> Does anybody know of an existing script/package to generate a report
>> like this:
>>
>> We need a copy of an OS account audit report. This report will include
>> a status review of all currently open accounts on all Linux systems,
>> when those accounts were activated, who created them, what they are
>> allowed to access, and what their privilege levels are.
>>
>> We have 200 Linux servers so obviously we need a way to automate
>> this. :)
>
> Well... what mechanism do you use to automate the creation of users
> across those 200 hosts? You need to hook your accounting into that.
> With regards to the past, if you were not tracking who did what
> as root... there's no good way of doing that for the past.
>
> Privilege levels in *ix are site defined (mostly). Btw, they are
> site defined (mostly) in Windows now as well, just that most
> are clueless about it.
>
> So... the truth is... can't be done (by default).
>
> However, you can tweak your own processes and security
> policies to enable some of this kind of tracking for
> future build outs.
Note that this only works if you create accounts *only* with a managed tool.
When you have local admins able to create local accounts, and systems such as
normal /etc/passwd that don't timestamp accounts, you have a real problem.
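
Added example, not part of the original thread: a sketch of what a per-host report can recover from passwd(5), shadow(5) and group(5) data, including the point above that there is no creation timestamp (the nearest field is shadow's last password change). The sample accounts, the ADMIN_GROUPS set and the function names are assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed sample data in passwd(5), shadow(5) and group(5) format.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""
SHADOW = """\
root:$6$salt$hash:13900:0:99999:7:::
daemon:*:13800:0:99999:7:::
alice:$6$salt$hash:13950:0:99999:7:::
toor:$6$salt$hash:13955:0:99999:7:::
bob:!$6$salt$hash:13910:0:99999:7:::
"""
GROUP = "root:x:0:\nwheel:x:10:alice\nusers:x:100:alice,bob\n"
ADMIN_GROUPS = {"wheel", "sudo"}  # assumption: privilege levels are site-defined

def fields(text):
    return [line.split(":") for line in text.splitlines() if line.strip()]

def audit(passwd, shadow, group):
    sh = {f[0]: f for f in fields(shadow)}
    groups = {}  # user -> supplementary groups (primary gid is not resolved here)
    for name, _, _, users in fields(group):
        for u in filter(None, users.split(",")):
            groups.setdefault(u, set()).add(name)
    report = {}
    for user, _, uid, _, _, _, shell in fields(passwd):
        pw, changed = sh.get(user, [user, "!", ""])[1:3]  # no shadow entry: treat as locked
        mine = groups.get(user, set())
        report[user] = {
            "uid": int(uid),
            "locked": pw.startswith(("!", "*")),
            "interactive": not shell.endswith(("nologin", "false")),
            "privilege": "root-equivalent" if uid == "0"
                         else "admin-group" if mine & ADMIN_GROUPS else "user",
            "groups": sorted(mine),
            # Last password change, NOT creation time: passwd has no timestamp.
            "pw_changed": str(date(1970, 1, 1) + timedelta(days=int(changed)))
                          if changed else None,
        }
    return report

if __name__ == "__main__":
    for user, row in audit(PASSWD, SHADOW, GROUP).items():
        print(user, row)
```

Who created an account and when it was activated do not appear in any of these files, so those report columns still have to come from the account-creation process itself.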