PowerBroker for Sudo Sudo is an application for Unix and Linux operating systems that allows users to run programs with the security privileges of another user. In its basic form, it is by definition a least privilege application for controlling privileged access management. By default, sudo runs all elevated commands as ‘superuser.’ Modern versions of sudo have support for running commands not only as the superuser but also as other (restricted) users, thus creating a limited least privilege solution. Sudo is often used for administrative tasks only. Sudo’s Challenges For most administrators, sudo is good enough in terms of least privilege functionality, but the management falters in terms of scalability. Administrators must maintain individual sudoers files on each host, and coupled with the headache of trying to consolidate log data, this can create a large burden on daily administration and maintenance of the tool. Often times this problem just creates new issues on its own with referential integrity of files and poor change management. What’s Needed to Improve Sudo For any environment with multiple Unix and Linux systems, whether physical, virtual, or cloud, sudo users have a need to centralize the management of many different sudoers policy files to solve these inherent problems. In addition, to ensure the integrity of the log data, the log information needs to be stored in a location other than where commands are being elevated for security and to prevent potential tampering. As a solution, PowerBroker for Sudo provides a quick and easy way to move multiple suoders files to one server and at the same enforces both eventlog and session log to be created and stored on a centralized server rather than the local issuing client. PowerBroker for Sudo provides a best of breed approach to manage multiple policy files, apply version control to sudo files, and even roll-back capabilities around those policy files to ensure constancy and integrity throughout your environment. In addition, PowerBroker for Sudo provides secure and reliable logging at the event and session level to a centralized location leveraging the BeyondInsight, privileged access management platform. If you are using sudo for least privilege on your non-critical Unix or Linux servers, it doesn’t have to be so hard! Contact us today to learn more about how we can help address your most pressing server privilege management challenges.