Centrally managing sudo policy controls – save yourself the hassle

With so many different iterations of the sudoers policy file used by various groups inside an organization, controlling and tracking the changes made to each sudoers file quickly becomes unmanageable. Almost every user of sudo quickly runs into the issue of appropriately managing the individual sudoers policy files that get created on each Unix or Linux host. Manual synchronization tools and homegrown LDAP/database solutions may at first appear appealing, but reliability, complexity and security controls end up dramatically reducing the effectiveness of such configurations, often causing more problems than they solve. There is no effective way to undo changes to one or more sudoers files, or jump back to a certain point in time or version of a sudoers policy file.

PowerBroker for Sudo provides a way to quickly and simply centralize one or more sudoers files, enabling change management and version control. With PowerBroker for Sudo:
- Policy changes can be validated before they are made live in the policy file, or quickly compared, with differences highlighted, between any two versions of a sudoers file.
- The roll-back/roll-forward functionality allows for fast switching between any two saved versions of the sudoers file that are being managed by PowerBroker for Sudo.
- Connecting hosts can optionally be grouped, or run in a hybrid of one-to-one plus grouped hosts, allowing simple and controlled access to specific sudoers files located on one or more centralized servers based on the requesting host's group membership.