I perform systematic Linux IAM audits covering user accounts, group memberships, sudo privileges, SUID/SGID binaries, and sensitive filesystem permissions — identifying violations of the principle of least privilege and delivering a prioritized remediation report.
Audit scope includes: all user and group accounts with age and last-login analysis; orphaned and stale account identification; sudoers and sudoers.d rule review (overly broad ALL=ALL grants, passwordless sudo, etc.); SUID/SGID binary enumeration against an expected baseline; permissions on /etc, /home, key config files, and web roots; PAM configuration review; and service account privilege mapping.
Deliverables: a written findings report with severity ratings and justifications; recommended remediations with specific commands; and (from Standard engagements) applied changes with a change log. For multi-server engagements I deliver an Ansible playbook implementing the remediations so that future servers start correctly configured.
Compliance mapping to CIS Controls, SOC 2, and PCI-DSS is available on request.