You Could be Sudoing Better - Introducing PowerBroker for Sudo

December 7, 2015

The importance of security, and in particular the concept of least privilege, cannot be overstated on Unix and Linux platforms. After all, many organizations run their most critical applications and store their most sensitive data in databases that run on *nix systems. To enable least privilege, many in the Unix and Linux community use sudo, hands-down the most widely used security tool in the non-Windows world.

But sometimes, sudo just isn’t enough

For two decades, BeyondTrust has led the way in helping organizations around the world replace sudo with a true enterprise-class least privilege solution coupled with indelible auditing capabilities. PowerBroker for Unix & Linux has become a critical part of our customers’ infrastructures, vastly improving on the capabilities and functions offered by the sudo freeware baked in to most *nix operating systems. There are many benefits that the PowerBroker solution brings to the table, but by far the most common requests are for Centralized Management and Centralized Logging. Only when customers start to peel back the covers do they discover a whole world of possibilities in control and audit functions that many Unix admins didn’t even know were possible.

Transitioning to a full least privilege solution can be tricky

It can be a huge shift to adopt a complete least privilege solution for *nix. Policy files (sudoers files) must be converted. Certain end-user practices may need to be altered or invoked in different ways. The audit data would be stored, managed and reviewed in different ways. Yes, the benefits and end results are great, but there is work and change required to get there.

So let’s get back to those core requests: Centralized Management and Centralized Logging. Sounds easy enough, right? There are websites, forums and even sudo documentation that detail how to leverage LDAP for policy and how to use sync tools (think rsync and scp) to move data around.

But what BeyondTrust has found time and time again is that these homebrew approaches often lead to over-complicated and semi-functioning solutions, maintained primarily through tribal knowledge up until the point that a key person leaves the company and the organization finds itself forced back to using and sharing the root account.

What if there was a better way?

Now there is. We’re pleased to introduce PowerBroker for Sudo, which combines the core features of a full least privilege solution but allows for quick implementation and continued use of all of your existing ‘sudoers’ files. PowerBroker for Sudo enables companies to centralize one or many sudoers files, then share out those policy files with single hosts, groups of hosts or both. In short, the policy files stay the same and the end user experience stays the same; only the management of the policies becomes centralized, with a transparent and secure distribution to each sudo client.

In addition, rather than storing audit/log data on each sudo client and synchronizing the data, audit records at both the event level and the session recording level are written directly to a dedicated log server or log servers. This approach ensures the integrity of the log files and makes them impossible to tamper with. Using all the same standards supplied by the PowerBroker product line, data in transit and data at rest are fully encrypted and configuration information is standard across all supported platforms. Couple this with the included indexing service and graphical reporting system, and canned reports, custom reports and forensics become a snap for all your sudo activities.

Need help making sense of sudo?

Check out our newest white paper, How Secure is Your Sudo? Or, contact us today to learn more about PowerBroker for Sudo.

Paul Harper

Product Manager, BeyondTrust

Paul Harper is product manager for Unix and Linux solutions at BeyondTrust, guiding the product strategy, go-to-market and development for PowerBroker for Unix & Linux, PowerBroker for Sudo and PowerBroker Identity Services. Prior to joining BeyondTrust, Paul was a senior architect at Quest Software/Dell. Paul has more than 20 years of experience in Unix/Linux operations and deployments.
