
- Provision and deprovision users
- useradd <username>
- usermod <username>
- userdel <username>
- Network maintenance
- ifconfig <interface> <parameters>
- netstat <parameters>
- route <parameters>
- Disk/Filesystem maintenance:
- mount <device> <path>
- umount <device>
- Df
- Kernel configuration
- echo <parameter> > /proc/kernel/<attribute>
- vi /etc/system
- vi /etc/sysconfig
- Kernel/App crashes
- sar <parameters>
- crash <parameters>
- Killing runaway or hung processes
- kill <signal> <process>
- ps <parameters>
- Software install / updates
- Fine-grain delegation to permit admins to perform only the tasks they need to perform.
- Support for time-based policies which ensures tasks are only performed during maintenance windows or after hours. This would ensure the privileges are only available during those times.
- Just-in-time approvals to permit admins to request a list of actions that can be approved by a manager or peers.
- A way to re-authenticate users or prompt for a second factor of authentication when performing highly sensitive operations or accessing sensitive information.
- Centralized policy management to simplify the management of policies across hundreds or thousands of servers.
- Centralized auditing to simplify compliance and speed up forensics.
- Controls to prevent users from circumventing the business policy and process.
- Allow the elevation and auditing for non-interact user activity like scripts and application processing.
- A way to integrate with IAM platforms for provisioning/de-provisioning so policies can be data-driven and managed with business automation.
- Security and compliance auditing will require extensive reporting of activities to ensure accountability and to identify rogue or unauthorized activity.
- Efficient way to locate suspect activity when doing a forensic investigation. This needs to take seconds vs. days or weeks to track down activity.

Paul Harper, Product Manager, BeyondTrust
Paul Harper is product manager for Unix and Linux solutions at BeyondTrust, guiding the product strategy, go-to-market and development for PowerBroker for Unix & Linux, PowerBroker for Sudo and PowerBroker Identity Services. Prior to joining BeyondTrust, Paul was a senior architect at Quest Software/Dell. Paul has more than 20 years of experience in Unix/Linux operations and deployments.