PowerBroker UNIX & Linux: Privilege and Session Management

Partition privileged account capabilities without disclosing passwords, and maintain audit trails
of all activities with optional DVR-style session recording.

Proven Privilege and Session Management for UNIX, Linux and Mac Servers

PowerBroker for UNIX & Linux allows system administrators to delegate UNIX, Linux and Mac OS X privileges and authorization without disclosing passwords for root or other accounts. The solution can also record all privileged sessions for audits, including keystroke information. Customers use PowerBroker to meet the privileged access control requirements of government and industry mandates including SOX, HIPAA, PCI DSS, GLBA, PCI, FDCC and FISMA.

  • Enable users to perform specified administrative tasks without disclosing passwords
  • Integrate all policies, roles and log data via a web-based console
  • Automate workflows for policies and audit-ready logging
  • Broker permissions transparently, ensuring user productivity and compliance
  • Record and index all sessions for quick discovery during audits
  • Leverage across more than 30 different Unix/Linux platforms
PowerBroker UNIX & Linux UI
Los Alamos National Laboratory
“In PowerBroker for Servers, we found a cost-effective, robust solution for securely managing privileged access, satisfying compliance regulations and increasing productivity.” Enterprise Systems Team Lead, Los Alamos National Laboratory - See Case Study
PowerBroker Servers for UNIX & Linux

BeyondInsight Built-In

PowerBroker Servers for UNIX & Linux is part of the BeyondInsight IT Risk Management Platform, which unifies PowerBroker privileged account management solutions with Retina CS Enterprise Vulnerability Management. Capabilities include:

BeyondInsight Built-In
  • Centralized solution management and control via common dashboards
  • Asset discovery, profiling and grouping
  • Reporting and analytics
  • Workflow and ticketing
  • Data sharing between Retina and PowerBroker solutions

The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments.

Server Security Lifecycle


Key Benefits

  • Accurate baseline for all follow-on assessment activities
  • Target identification for least-privilege or other server projects such as consolidation or virtualization
  • Creation of server-specific Smart Groups for regular assessments, risk prioritization and reporting

Key BeyondTrust Capabilities

  • Provides complete inventory of server assets (approved and rogue)
  • Cataloging of full system information (OS, device, applications, services, ports etc. )
  • Discovery of local users, groups and privilege data across distributed server environment

Key Benefits

  • Proactive identification of vulnerabilities, misconfigurations and policy violations
  • Threat assessments on servers operating system, applications and configurations
  • Custom audits/assessments allow for identification of non-standard assets, software or configurations

Key BeyondTrust Capabilities

  • Accurate, actionable data helps drive proper remediation actions, accelerating risk reduction
  • Risk scoring streamlines the classification of most at-risk devices
  • Intuitive trending data for easy analysis, enabling better security strategy decisions

Key Benefits

  • "Operational GPS" directs IT to which actions provide the most risk-reduction benefits
  • Automated reporting on compliance efforts creates consistency and accountability, while driving down costs
  • Enterprise policy management and reporting

Key BeyondTrust Capabilities

  • Least Privilege implementation across the enterprise
  • Active Directory bridging across the enterprise
  • Robust database auditing
  • Non-Microsoft application patching

Key Benefits

  • Receive an immediate ‘state of the union’ with regards to your server deployment through Risk Scoring
  • Greater efficiency via enterprise-centric capabilities such as role based access, internal auditing, ticketing, and integration with existing infrastructure investments

Key BeyondTrust Capabilities

  • Centralized management, reporting and logging
  • Role based policy, alert and reporting management
  • Virtual Vulnerability Scans on elevated commands and applications


Security and Compliance

All user and admin activity are encrypted to selectable industry standard algorithms and stored in a secure centralized location. Encryption is performed for data in flight and at rest.

Stop Sharing Privileged Accounts

By implementing centralized control allows for true separation of duties, limiting users, administrators and auditors access to only the data relevant to them.

Segregation of Duties

By implementing centralized control allows for true separation of duties, limiting users, administrators and auditors access to only the data relevant to them.

Migration Path from SUDO

For companies with compliance or audit requirements that exceed capabilities of SUDO PowerBroker UNIX & Linux provides an alternative solution. This provides a centralized, scalable, supported and more advanced way to audit privileged activity.

  • Centralized Administration and Auditing

    The centralization of policy and audit data greatly reduces the administration and overhead normally associated with these tasks.
  • Flexible Policy Language

    The criteria that determines who can do what, where, when, and why providing granular options to the administrator.
  • Extensive Platform Support

    PowerBroker for UNIX & Linux has support for over 175 UNIX, Linux, and Mac OSX platforms.
    Full list of Supported Platforms
  • Flexible Authentication & Authorization

    Pluggable Authentication Module (PAM) support enables PowerBroker for UNIX & Linux to utilize industry standard authentication systems.
  • Granular delegation of Privileged Accounts

    The ability to partition of privileged accounts such as root, granting users and admins access to only the specific entitlements required to perform a given task, i.e. least privilege model.
  • Integration with BeyondTrust Management & Analytics Console (Optional)

    Free for all PowerBroker Servers for UNIX and Linux customers. Advanced features including dynamic asset discovery and targeting, flexible alerting and reporting, advanced analytics, and centralized I/O index and search capabilities.

Why BeyondTrust for Server Security

  • Quickly meet access/authorization regulations as described in SOX, HIPAA, GLBA, PCI DSS, FDCC and FISMA
  • Granularly control user access to programs, files, and directories as well as brokering system tasks, without Sudo
  • Supports 30 encryption methods for policies, logs, and network traffic, assuring compatibility within virtually any IT infrastructure
  • Centralized policy store allows for a single control point for managing user privileges
  • Time-stamped logs for every administrative, user-level, and application activity ensures that no suspicious activity goes unnoticed
  • Supports flexible integration scenarios with Active Directory and other directory services, from basic authentication enablement to storage and lookup of PowerBroker policy data
PowerBroker UNIX & Linux accepted command events

Related Products

To learn more about our products for securing your virtual environments, select a product area below:

PowerBroker Identity Services

Quickly and easily integrate your UNIX and Linux servers into your Active Directory Infrastructure

PowerBroker Servers Enterprise

Combine the power of our UNIX/Linux root delegation and our AD bridging for an enterprise approach to server compliance

PowerBroker Password Safe

Automate Password Management for Increased Security across your entire dynamic infrastructure


  • PowerBroker Servers Basic Delegations
    PowerBroker Servers
    Basic Delegations
  • PowerBroker Servers Privilege Command Logging
    PowerBroker Servers
    Privilege Command Logging
  • PowerBroker Servers Centralized Keystroke Logging
    PowerBroker Servers
    Centralized Keystroke Logging

  • PowerBroker Servers Securing Oracle Databases
    PowerBroker Servers
    Securing Oracle Databases
  • PowerBroker Unix Linux Centralized Command Control
    PowerBroker Servers
    Centralized Command Control
  • PowerBroker Unix Linux
    PowerBroker Servers
    PowerBroker Servers Enterprise