Privilege Management for Unix and Linux Features

Privilege Management for Unix and Linux enables Unix and Linux system administrators to specify the circumstances under which users may run certain programs as root or as other important accounts. As a result, responsibility for actions such as adding user accounts or fixing line printer queues can be safely assigned to the appropriate person without disclosing the root password. The full power of root is protected from potential misuse or abuse, such as:

  • Modifying databases
  • Changing file permissions
  • Erasing disks

Furthermore, Privilege Management for Unix and Linux is capable of selectively recording all input and output from a session. Having this audit trail combined with the safe partitioning of root functionality provides an extremely secure means of sharing the root password. The pbreplay utility enables you to view sessions while they are happening or at a later date. Privilege Management for Unix and Linux can also require a checksum match before running any program, guarding against viruses or Trojan horse attacks on important accounts.

Through its integration with the SafeNet Luna SA Hardware Security Module (HSM), Privilege Management for Unix and Linux provides the first privileged user management solution to use FIPS 140-2 Security Level 2 encryption services to achieve compliance with the strictest key storage requirements and standards.

SafeNet Luna SA is a flexible, network-attached hardware security module that provides powerful cryptographic processing and hardware key management for applications where security and performance are a top priority. With FIPS 140-2 Security Level 2 and Common Criteria EAL 4+ validation, SafeNet Luna SA is an Ethernet-attached hardware security appliance that is designed to ensure the integrity and security of key management for PKI root key protection and smartcard issuance, with blazing cryptographic processing for digital signing applications or SSL acceleration for Web servers.

Privilege Management for Unix and Linux can access existing programs as well as its own set of utilities that execute common system administrative tasks. Utilities that are being developed to run on top of Privilege Management for Unix and Linux can manage passwords, accounts, backups, line printers, file ownership or removal, rebooting, logging people out, killing their programs, deciding who can log in to what machines from where, and so on. Users can work from within a restricted shell or editor to access certain programs or files as root.

Privilege Management for Unix and Linux can also optionally encrypt all network traffic that it generates, including control messages, input that is keyed by users, and output that is generated by commands that are run through Privilege Management for Unix and Linux. This encryption protects sensitive data from network monitoring.

Privilege Management for Unix and Linux is built upon two major concepts:

  • Partitioning the functionality of root (and other important accounts) to allow multiple users to carry out system administration actions without full access to the administrative account or its password
  • Creating an audit trail of such actions

Privilege Management for Unix and Linux enables system administration actions to be partitioned without compromising root account security. Privilege Management for Unix and Linux enables the system administrator to specify if, and when, a user's request to run a program is accepted or rejected.

Through Privilege Management for Unix and Linux, each user can request that a program be run on a machine as root (or as another important account, such as oracle or admin). Privilege Management for Unix and Linux evaluates the request. If the request is accepted, Privilege Management for Unix and Linux runs the program locally or across a network, on behalf of the user.

With Privilege Management for Unix and Linux, help desk personnel can reset passwords for users who have forgotten them and reinstate user accounts. Project members can clear a jammed line printer queue, kill hung programs, or reboot certain machines. Administration staff can print or delete resource usage logs or start backups.

Through partitioning, Privilege Management for Unix and Linux allows different users to perform those root actions for which they are responsible, but not anything else. Privilege Management for Unix and Linux enables you to specify:

  • Which users can perform a particular task
  • Which tasks can be run through the system
  • When the user can perform the task
  • On which machine the task can be performed
  • From which machine the user may initiate a request to perform the task
  • Whether another user’s permission (in the form of a password) is required before the task is started
  • The decisions that are to be made by a program that you supply and which Privilege Management for Unix and Linux calls to determine if a request should be accepted or rejected
  • Many other miscellaneous properties of requests
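The decision criteria listed above, together with the checksum check described earlier, can be modelled as a small policy evaluator. This is an added illustration written for this page, not the product's own policy language or code: the rule fields, the `external_check` hook and the stand-in program bytes are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-in for the bytes of the program on the run host.
PASSWD_BIN = b"#!/bin/sh\n# constructed stand-in for /usr/bin/passwd\n"
PASSWD_SHA256 = hashlib.sha256(PASSWD_BIN).hexdigest()

@dataclass
class Rule:
    users: set               # which users may perform the task
    commands: set            # which tasks may be run through the system
    hours: range             # when the task may be performed (local hour, 24h)
    runhosts: set            # on which machine the task may execute
    submithosts: set         # from which machine the request may originate
    runuser: str = "root"    # account the program is run as
    checksums: dict = field(default_factory=dict)  # command -> expected sha256
    needs_second_password: bool = False            # another user's password required

@dataclass
class Request:
    user: str
    command: str
    hour: int
    runhost: str
    submithost: str
    program_bytes: bytes     # contents of the program about to be executed
    second_password_ok: bool = False

def evaluate(rules, req, external_check=None):
    """Return (decision, reason). The first rule matching user and command decides;
    external_check is a hypothetical caller-supplied program that may veto."""
    for r in rules:
        if req.user not in r.users or req.command not in r.commands:
            continue
        if req.hour not in r.hours:
            return "reject", "outside permitted hours"
        if req.runhost not in r.runhosts or req.submithost not in r.submithosts:
            return "reject", "host not permitted"
        expected = r.checksums.get(req.command)
        if expected and hashlib.sha256(req.program_bytes).hexdigest() != expected:
            return "reject", "checksum mismatch"   # guards against a tampered binary
        if r.needs_second_password and not req.second_password_ok:
            return "reject", "second password required"
        if external_check and not external_check(req):
            return "reject", "external program rejected"
        return "accept", f"run as {r.runuser}"
    return "reject", "no matching rule"

# Constructed rule: help desk may run passwd as root on auth1 during office hours.
HELPDESK = Rule(users={"alice"}, commands={"/usr/bin/passwd"}, hours=range(8, 18),
                runhosts={"auth1"}, submithosts={"helpdesk1"},
                checksums={"/usr/bin/passwd": PASSWD_SHA256})
```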

Privilege Management for Unix and Linux is capable of recording all activity that passes through it down to the I/O level. The power to accurately log activities in a safe environment enables you to implement a secure system administration regime with an audit trail. You always know exactly what is happening as root, as well as who did it, when it happened, and where.

Because root can modify any file, special precautions must be taken to ensure the Privilege Management for Unix and Linux logs are secure. Privilege Management for Unix and Linux can be configured to receive user requests from the submitting machine, execute tasks on the execution machine, and log all of the activities on yet another, very secure machine.

If necessary, the machines that contain the policy files and the log files can be made physically inaccessible to users and isolated from remote login over the network. In addition, the logs can be printed to hardcopy on a secure printer or recorded to a WORM drive if required.

This secure machine can also be assigned a root password, which is unknown to the person who has physical access to it, but known to someone else without physical access. Therefore, the two people would have to collude to subvert system security. These and other techniques may be used to achieve a high degree of security around Privilege Management for Unix and Linux, as well as the root activity logs that Privilege Management for Unix and Linux creates.