Centralized Policy, Logging and Version Control for Sudo

Managing sudo is not an easy task, but it is a reality. For organizations that choose not to use a full solution for Unix and Linux least privilege on their non-critical servers, or for those that just can’t justify the expense for a full solution, there has to be a way to simplify the management of sudo and improve its security and compliance.

Centralized Management of Sudoer Policy

BeyondTrust PowerBroker for Sudo provides centralized policy, logging and version control with change management for multiple sudoers files. The solution simplifies policy management, improves log security and reliability, and increases visibility into entitlements. This makes it easier for you to securely manage on low-priority servers or in areas where completely replacing sudo is not feasible. When ready, you can then utilize PowerBroker for Sudo along with PowerBroker for Unix & Linux for comprehensive privilege management.

How It Works


  • Centralize Policy Files: Move all sudoers to a single manageable file location.
  • Group, Individual or Hybrid sudoer files: Group hosts with a common sudoers file; one-to-one mapping of sudoers files; or a hybrid configuration.
  • Full Change Management: Approve changes, version control and roll-back of centralized suoders files.


  • Centralized Event Logs: All elevated event logs and session logs using sudo are recorded in the centralized Powerbroker event log.
  • Centralized Session Logs: Securely transmit and store keystroke logs to a dedicated and centralized server.


  • Simplifies deployment and management of policies with the web-based PowerBroker Servers Management Console.


  • Unix platforms: HP-UX, AIX, Solaris and Mac OS X
  • Linux platforms: Ubuntu, CentOS, RHEL, Debian, Oracle, Suse and zSeries Linux
  • System Requirements: Sudo version 1.8 or higher

Read the complete Data Sheet!

Download Now