# Sudoers

## Overview

**Evidence:** Sudoers\
**Description:** Collect sudoers\
**Category:** Applications\
**Platform:** linux\
**Short Name:** sudoers\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

Linux sudoers configuration provides information about privilege escalation policies and administrative access controls. This data is essential for understanding privilege management and detecting unauthorized privilege escalation.

## Data Collected

This collector gathers structured data about sudoers.

### Sudoers Data

| Field         | Description  | Example       |
| ------------- | ------------ | ------------- |
| `Header`      | Header       | Example value |
| `RuleDetails` | Rule Details | Example value |
| `Source`      | Source       | Example value |

## Collection Method

This collector parses sudoers configuration files and records entries into the `sudoers` table.
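The parsing step described above, sketched as an added example (not the collector's own code) that also shows how an analyst might triage the resulting rows. The mapping of the first token to `Header` and the remainder to `RuleDetails`, the function names, and the sample file contents are assumptions made for illustration.

```python
import re

# Constructed sample input (file path -> contents), not taken from a real host.
SAMPLE = {
    "/etc/sudoers": "# baseline policy\n"
                    "Defaults env_reset\n"
                    "root ALL=(ALL:ALL) ALL\n"
                    "%wheel ALL=(ALL) ALL\n"
                    "@includedir /etc/sudoers.d\n",
    "/etc/sudoers.d/90-deploy": "deploy ALL=(ALL) \\\n"
                                "    NOPASSWD: ALL\n"
                                "backup ALL=(root) NOPASSWD: /usr/bin/rsync\n",
}

# Lines that start with '#' but are not comments: include directives and
# user specifications written as a numeric uid (for example "#0 ALL=...").
NOT_COMMENT = re.compile(r"^(?:#include(?:dir)?\s|#\d+\s)")

def parse_sudoers(text, source):
    """Split one file into rows with the Header, RuleDetails and Source fields."""
    rows = []
    # A trailing backslash continues an entry on the next line; join those first.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or (line.startswith("#") and not NOT_COMMENT.match(line)):
            continue
        header, details = (line.split(None, 1) + [""])[:2]
        # Assumed mapping: first token -> Header, remainder -> RuleDetails.
        rows.append({"Header": header, "Source": source,
                     "RuleDetails": " ".join(details.split())})
    return rows

def flag_rows(rows):
    """Return (Source, Header, reasons) for rules an analyst should review first."""
    findings = []
    for row in rows:
        details, reasons = row["RuleDetails"], []
        if "NOPASSWD:" in details:
            reasons.append("passwordless")
        # A user specification ("host = ...") whose command list ends in ALL.
        if "=" in details and re.search(r"[\s:)=]ALL$", details):
            reasons.append("all-commands")
        if reasons:
            findings.append((row["Source"], row["Header"], reasons))
    return findings

def triage(files):
    """Parse every file and collect the flagged rules in file order."""
    return [f for p, t in files.items() for f in flag_rows(parse_sudoers(t, p))]
```

Calling `triage(SAMPLE)` lists the broad and passwordless grants together with the file each came from, which is what the `Source` field is for when a rule sits in a drop-in file rather than the main policy.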

## Forensic Value

This evidence is crucial for forensic investigations as it provides privilege escalation information. It helps investigators understand privilege policies, detect unauthorized privilege escalation, and investigate privilege-based attacks.
