diff --git a/app/services/realtime_audit_service.py b/app/services/realtime_audit_service.py
index fed5824..736deaf 100644
--- a/app/services/realtime_audit_service.py
+++ b/app/services/realtime_audit_service.py
@@ -233,17 +233,29 @@ def _connect(target, hostname=None):
 
 def _run(client, cmd):
     try:
-        # Tester si on est déjà root ou si on a besoin de sudo
+        # Test root vs sudo
         _, stdout, _ = client.exec_command("id -u", timeout=5)
         uid = stdout.read().decode().strip()
         if uid == "0":
-            full = cmd  # Déjà root, pas besoin de sudo
+            full = cmd
         else:
             escaped = cmd.replace("'", "'\"'\"'")
             full = f"sudo bash -c '{escaped}'"
         _, stdout, stderr = client.exec_command(full, timeout=15)
         out = stdout.read().decode("utf-8", errors="replace").strip()
         err = stderr.read().decode("utf-8", errors="replace").strip()
+
+        # Fallback sans sudo si sudoers refuse bash -c
+        if (not out) and err and ("pas autorisé" in err or "not allowed to execute" in err
+                                   or "is not allowed" in err or "command not found" in err.lower()):
+            _, stdout, stderr = client.exec_command(cmd, timeout=15)
+            out = stdout.read().decode("utf-8", errors="replace").strip()
+            err2 = stderr.read().decode("utf-8", errors="replace").strip()
+            if out:
+                err = ""
+            else:
+                err = err2 or err
+
         result = out if out else err
         lines = [l for l in result.splitlines() if not any(b in l for b in BANNER_FILTERS) and l.strip()]
         return "\n".join(lines).strip()