Proven Privilege and Session Management for Unix & Linux Servers
PowerBroker for Unix & Linux enables system administrators to efficiently delegate Unix and Linux privileges and elevate commands without disclosing passwords for root or other privileged accounts. The solution can also record all privileged sessions for audits, including keystroke information. Use PowerBroker to meet the privileged access control requirements of government and industry mandates including SOX, HIPAA, PCI DSS, GLBA, FDCC and FISMA without relying on sudo.
- Enable users to perform specified administrative tasks without requiring root privileges, thus improving security
- Broker permissions transparently, ensuring user productivity
- Track, log and audit activities performed on Unix and Linux systems
- Record and index all sessions for quick discovery during audits
- Centrally manage all policies, roles and log data via a web-based console
- Leverage across more than 100 flavors of Unix and Linux
Achieve System-Level Control and Accountability
Granularly delegate root admin privileges. Enhance security through fine-grained, role-based policy control of privileged accounts. Achieve policy-driven command elevation and auditing – down to the system level – with no change to the user experience.
Migration Path from Sudo
With support for more than 100 flavors of Unix and Linux, PowerBroker is one of the most comprehensive solutions to enable users to run commands at a higher privilege level. This breadth, in addition to industry-standard encryption, provides the confidence to replace existing open-source options such as sudo with a commercially supported solution.
Comply with Ease
Compartmentalize IT tasks that require privileged accounts, enabling segregation of duties. Gain visibility through detailed, centralized event logs of elevated commands and keystroke logging capabilities, featuring DVR-style recording of all activity performed by the user. Enable change management of all settings and policy configurations, including rollback.
Manage Privileges Across the Environment
Free for all PowerBroker for Unix & Linux customers, the fully integrated PowerBroker Privileged Access Management Platform provides advanced features including dynamic asset discovery and targeting, flexible alerting and reporting, advanced analytics, and centralized I/O index and search capabilities.
Monitor Integrity of Files and System Binaries
Ensures that important system binaries, product binaries and files have not been tampered with. Any changes are fully audited and reviewed.
System-level control and audit: Provides control over applications down to the system level, regardless of how the application is initiated. Enhanced auditing ensures that administrators can easily monitor and alert on suspicious and inappropriate activity, providing much faster forensics and audit reviews using session logs.
Segregation of duties: Centralized control allows for true separation of duties, limiting the access of users, administrators and auditors to only the data relevant to them.
Flexible authentication and authorization: Pluggable Authentication Module (PAM) support enables PowerBroker for Unix & Linux to utilize industry-standard authentication systems.
Track and record activity: Time-stamped logs for every administrative, user-level, and application activity ensure that no suspicious activity goes unnoticed. DVR-style recording and indexing ensure all activity is available for quick discovery and playback.
Granular delegation of privileged accounts: Partitions privileged accounts such as root, granting users and admins access to only the specific entitlements required to perform a given task, achieving a least-privilege model.
Centralized administration and auditing: Greatly reduces the administration and overhead normally associated with policies and audit tasks.
Flexible policy language: Determines who can do what, where, when, and why, providing granular options to the administrator.
Extensive platform support: Supports more than 100 flavors of Unix and Linux.
User management: Granularly controls user access to programs, files, and directories as well as brokering system tasks, without sudo.
Database synchronization: Files and settings can be automatically replicated between hosts, saving time and effort by no longer requiring the manual copying of files between hosts.
Registry Name Service: Enables all PowerBroker components to centrally register themselves and provide a logical grouping (Service Groups). Makes adding, changing and removing servers within particular service types much easier while ensuring high availability needs are always met.
File Integrity Monitoring: Performs timed scans of centrally selected files and/or folders, checking the targets against a list of predefined settings including location, ownership, permissions, size, date/time and a file hash, ensuring files have not been tampered with.
Secure logging: Centralized log data facilitates controlled access to session activity information.
Encrypted: Supports 30 encryption methods for policies, logs, and network traffic, assuring compatibility within virtually any IT infrastructure. Ensures all user and admin activity is encrypted with selectable, industry-standard algorithms and stored in a secure, centralized location.
Reducing Insider Risks with PowerBroker for Unix & Linux Servers
1 Remove the Need to Log In as Root
PowerBroker for Unix & Linux implements a true least privilege delegation model, allowing users to run any command at a higher privilege level so long as it is allowed by the centralized policy. Removing the need for users to log on as root allows the root user account to have much tighter security controls or be moved to a password management system such as PowerBroker Password Safe.
2 Achieve Compliance for Root
PowerBroker for Unix & Linux allows standard named user accounts to elevate to a root level with full session logging, providing a centralized indelible audit trail and ultimate accountability for each individual system administrator.
3 Make Up for sudo's Shortfalls
PowerBroker for Sudo provides a way to quickly and simply centralize one or more sudoers files. Connecting hosts can optionally be grouped or run in a hybrid of one-to-one plus grouped hosts, allowing simple and controlled access to specific sudoers files located on one or more centralized servers based on the requesting host's group membership.
4 Seamlessly Integrate with Password Management
PowerBroker for Unix & Linux integrates seamlessly with PowerBroker Password Safe. This allows you to control both what users can access and what they can do once they have access.