NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

You Could be Sudoing Better - Introducing PowerBroker for Sudo

December 7, 2015

  • Blog
  • Archive

powerbroker for sudoThere is no way that security – and in particular the concept of least privilege– can be overstated on Unix and Linux platforms. After all, many organization typically run their most critical applications and store their most sensitive data in databases that run on *nix systems. To enable least privilege, many in the Unix and Linux community use sudo, hands-down the most widely used security tool in the non-Windows world.

But sometimes, sudo just isn’t enough

For two decades, BeyondTrust has led the way in helping organizations around the world replace sudo with a true enterprise class least privilege solution coupled with indelible auditing capabilities. PowerBroker for Unix & Linux has become a critical part of our customer’s infrastructures, vastly improving on the capabilities and functions offered by the sudo freeware baked in to most *nix operating systems.

There are many benefits that the PowerBroker solution brings to the table, but by far the most common requests are for Centralized Management and Centralized Logging. Only when customers start to peel back the covers do they discover a whole world of possibilities in control and audit functions that even many Unix admins didn’t even know were possible.

Transitioning to a full least privilege solution can be tricky

It can be a huge shift to adopt a complete least privilege solution for *nix. Policy files (sudoers files) must be converted. Certain end user and practices may need to be altered or invoked in different ways. The audit data would be stored, managed and reviewed in different ways. Yes, the benefits and end results are great, but there is work and change required to get there.

So let’s get back to those core requests: Centralized Management and Centralized Logging. Sounds easy enough right? There are websites, forums and even sudo documentation that detail how to leverage LDAP for policy and how to use sync tools (think rsync and scp) to move data around.

But what BeyondTrust has found time and time again is that these homebrew approaches often lead to over-complicated and semi-functioning solutions, maintained primarily through tribal knowledge up until the point that a key person leaves the company and they find themselves forced back to using and sharing the root account.

What if there was a better way? Now there is.

We’re pleased to introduce PowerBroker for Sudo, which combines the core features of a full least privilege solution but allows for quick implementation and continued use of all of your existing ‘sudoers’ files. PowerBroker for Sudo enables companies to centralize one or many sudoers files, then share out those policy files with single hosts, groups of hosts or both. In short, the policy files stay the same, the end user experience stays the same, only the management of the policies becomes centralized with a transparent and secure distribution to each sudo client.

In addition, rather than storing audit/log data on each sudo client and synchronizing the data, audit records both at the event level and the session recording level occur directly to a dedicated log server or log servers.

This approach ensures the integrity of the log files and makes them impossible to tamper with. Using all the same standards supplied by the PowerBroker product line, data in transit and data at rest is fully encrypted and configuration information is standard across all support platforms. Couple this with the included indexing service and graphical reporting system, canned reports, custom reports and forensics become a snap for all your sudo activities.

Need help making sense of sudo? Check out our newest white paper, How Secure is Your Sudo? Or, contact us today to learn more about PowerBroker for Sudo.

Photograph of Paul Harper

Paul Harper, Product Manager, BeyondTrust

Paul Harper is product manager for Unix and Linux solutions at BeyondTrust, guiding the product strategy, go-to-market and development for PowerBroker for Unix & Linux, PowerBroker for Sudo and PowerBroker Identity Services. Prior to joining BeyondTrust, Paul was a senior architect at Quest Software/Dell. Paul has more than 20 years of experience in Unix/Linux operations and deployments.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.