Organizations have recognized that granting excessive privileges, including root, increase risks with respect to misuse, malware and mistakes. To help address this concern administrators have turned to sudo. However, as many administrators have learned that – although free – using sudo for Unix or Linux privilege management is a complex and time-consuming effort, and often does not provide the level of controls required to comply with internal and external IT regulations. But replacing sudo is not an easy task. For those looking to maintain sudo, it’s very difficult for Unix and Linux administrators to do without some form of centralized management. In addition, properly managing the log data is almost always a losing battle for most admins.
With simplified policy management, PowerBroker for Sudo enables organizations to reduce the time spent on administration, increase the security and reliability of event and session log data, and improve visibility into entitlements. Additionally, PowerBroker for Sudo offers a simplified migration strategy for customers looking to eventually move from sudo to a full privilege management solution like PowerBroker for Unix and Linux.
“At BeyondTrust, we understand that managing sudo for Unix or Linux is a difficult task but one that must be undertaken considering the complexity and risk associated with replacing the system,” said Brad Hibbert, CTO, BeyondTrust. “For those customers that decide to maintain sudo, PowerBroker for Sudo strives to simplify the management of the sudoers file and achieve compliance by providing centralized repository for multiple policy files with full version control and also centralizes indexed log data with a powerful reporting system as well. Sudo is not going away, so we are here to assist companies that decide to maintain it – especially for their non-critical systems.”
Key Capabilities of PowerBroker for Sudo:
· Simplified Policy Management – Centralize policy files in a single management location, and group hosts with common sudoers files using the simple Group Alias feature. Alternatively, the solution also allows each host its own sudoers file or use of hybrid of Individual and Grouped sudoers files.
· Full Change Management – Approve changes, implement version control and roll-back centralized ‘sudoers’ files to help achieve compliance.
· Centralize Log Data – All commands elevated using sudo are recorded in the centralized event log. Organizations can securely transmit and store keystroke logs to a dedicated and centralized server.
· Migration Path to Full Unix and Linux Privilege Management – Centralized database, sudo policy, management, logging and change control provides a simplified migration strategy for organizations looking to move from sudo.
