Giving up Your Roots: A Root Remedy Checklist

May 11, 2016

Control Root Privileges

As an IT organization, should you be concerned that your sysadmins log in as root, su to root, or sudo su to root? If so, can you really expect your users to do their daily tasks if they cannot log on with root-level administrative permissions? Even if you enable only your most trusted admins with root, shared accounts are inherently problematic and open up the possibility of both internal abuse and compromise by external threats and bad actors that have already penetrated your network. Remember the old adage, "It's not if you are compromised, it is when!!!"

Tasks users perform as root

We have all heard the line, "I need root," and there are probably a million different reasons (or, more often than not, excuses) why your admins will claim this need. But for those of you who are curious about the common tasks sysadmins typically run as root or with root-level privileges, here is a short list of tasks they will likely perform on any given day. These tasks include, but aren't limited to:
  1. Provision and deprovision users
    • useradd <username>
    • usermod <username>
    • userdel <username>
  2. Network maintenance
    • ifconfig <interface> <parameters>
    • netstat <parameters>
    • route <parameters>
  3. Disk/Filesystem maintenance:
    • mount <device> <path>
    • umount <device>
    • df
  4. Kernel configuration
    • echo <parameter> > /proc/kernel/<attribute>
    • vi /etc/system
    • vi /etc/sysconfig
  5. Kernel/App crashes
    • sar <parameters>
    • crash <parameters>
  6. Killing runaway or hung processes
    • kill <signal> <process>
    • ps <parameters>
  7. Software install / updates
The risks of running as root

Unix and Linux have for years had a security model where applications run with low privileges and request elevation only when they need to modify the underlying system. When you are logged on as root, any application you launch assumes your rights, so a vulnerability in that application could expose a root shell. So, should you be concerned that your sysadmins log in as root, su to root, or sudo su to root? The short and simple answer is yes.

How to revoke root access without impacting administration

Although revoking root access may meet some resistance, this decision increases the level of security in your organization and better protects both customer and internal data. To address the administrative fallout of revoking day-to-day root access for sysadmins while keeping them productive, we have provided a checklist of items to ensure that what is implemented does not create a new headache for administration. Here's your 'root' remedy checklist for server privilege management:
  1. Fine-grained delegation to permit admins to perform only the tasks they need to perform.
  2. Support for time-based policies, so that privileges are available only during maintenance windows or after hours.
  3. Just-in-time approvals to permit admins to request a list of actions that can be approved by a manager or peers.
  4. A way to re-authenticate users or prompt for a second factor of authentication when performing highly sensitive operations or accessing sensitive information.
  5. Centralized policy management to simplify the management of policies across hundreds or thousands of servers.
  6. Centralized auditing to simplify compliance and speed up forensics.
  7. Controls to prevent users from circumventing the business policy and process.
  8. Elevation and auditing for non-interactive user activity such as scripts and application processing.
  9. A way to integrate with IAM platforms for provisioning/de-provisioning, so policies can be data-driven and managed with business automation.
  10. Extensive reporting of activities, which security and compliance auditing will require to ensure accountability and to identify rogue or unauthorized activity.
  11. An efficient way to locate suspect activity during a forensic investigation; this needs to take seconds, not days or weeks.
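As an added example (not from the original post or from BeyondTrust's products), the following script reviews sudo log lines against the task list and checklist items 1, 2, 6, 7 and 11 above: it separates delegated day-to-day tasks from commands that hand out an unrestricted root shell, and flags delegated tasks run outside a maintenance window. The hostname, user names, paths and the 22:00 to 06:00 window are constructed assumptions.

```python
import re
from datetime import datetime, time

# Constructed sample lines in the syslog format sudo writes to auth.log
# (hostname, users and paths are made up for this example).
SAMPLE_LOG = """\
May 11 02:15:01 web01 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd bob
May 11 09:42:17 web01 sudo:     bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
May 11 10:03:55 web01 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/mount /dev/sdb1 /mnt/data
May 11 14:20:08 web01 sudo:   carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
May 11 23:58:40 web01 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/kill -9 4242
"""

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sudo:\s+(?P<user>\S+) : "
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Commands that give an unrestricted root shell, defeating fine-grained delegation
# and leaving no per-command audit trail (checklist items 1 and 7).
SHELL_ESCAPES = {"su", "bash", "sh", "zsh", "ksh", "dash"}
# Day-to-day tasks from the list above that delegation should cover.
DELEGATED = {"useradd", "usermod", "userdel", "mount", "umount", "kill", "ps", "df"}
# Assumed maintenance window for time-based policy (item 2): 22:00 to 06:00.
WINDOW_START, WINDOW_END = time(22, 0), time(6, 0)


def in_maintenance_window(hhmmss: str) -> bool:
    t = datetime.strptime(hhmmss, "%H:%M:%S").time()
    return t >= WINDOW_START or t < WINDOW_END  # window wraps past midnight


def classify(line: str):
    """Return a finding dict for one sudo log line, or None if it is not one."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    cmd = m["cmd"].split()[0].rsplit("/", 1)[-1]  # basename of the executable
    hhmmss = m["ts"].split()[-1]
    if cmd in SHELL_ESCAPES:
        verdict = "ROOT_SHELL"
    elif cmd not in DELEGATED:
        verdict = "UNLISTED"
    elif in_maintenance_window(hhmmss):
        verdict = "DELEGATED"
    else:
        verdict = "OUT_OF_WINDOW"
    return {"user": m["user"], "command": cmd, "time": hhmmss, "verdict": verdict}


def review(log: str):
    """Classify every sudo line in a log; the result is what an auditor would triage."""
    return [r for r in (classify(l) for l in log.splitlines()) if r]
```

Running `review(SAMPLE_LOG)` yields two ROOT_SHELL findings (bob and carol) and one OUT_OF_WINDOW mount, which are the entries worth a second look in seconds rather than days.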
There is no time like the present to start thinking about giving up your roots. Or better yet, take the information above and get to work on locking down what are typically the most important servers hosting the most critical data in just about every organization. For more information on how BeyondTrust can help you achieve control and accountability over root or admin credentials, contact us today.

Paul Harper, Product Manager, BeyondTrust

Paul Harper is product manager for Unix and Linux solutions at BeyondTrust, guiding the product strategy, go-to-market and development for PowerBroker for Unix & Linux, PowerBroker for Sudo and PowerBroker Identity Services. Prior to joining BeyondTrust, Paul was a senior architect at Quest Software/Dell. Paul has more than 20 years of experience in Unix/Linux operations and deployments.
