Centralized management and reporting for the sudoers policy file
Enhance Sudo 1.8.1 with a central policy server, centralized sudo management and reporting.
Privilege Manager for Sudo, part of the Privileged Access Suite for Unix, enables centralized management for sudoer policy files. Easily generate reports on sudoer access rights and activities, and keystroke logging of activities performed through sudo. With Privilege Manager for Sudo plug-ins, your organization can take privileged account management through sudo to the next level across a number of Unix/Linux servers.
- Extend sudo – New capabilities allow your organization to extend sudo with plug-ins (central policy server and keystroke logging) that fit into the sudo modular framework.
- Central sudo policy – Improves your organization’s security and eliminates your need to manage the deployment of subdoers on every system with a central service to administer sudo and sudo policy for privileged account management across a number of Unix/Linux servers.
- Centralized management – You can manage sudo using the Management Console for Unix, which provides a single point of administration for multiple Dell solutions to simplify administrator- and auditing-related activities across the entire Unix environment.
- Centralized reporting – Using the Management Console for Unix, your organization can centralize reporting on sudo with a single platform. The console enables you to track changes made to sudoers, including versioning, and reverting back to any previous version, allowing for a report that shows you who, what and when details regarding changes to the sudo policy file. It also lets you track who ran a specific sudo command across all managed systems, and whether it was accepted or rejected based on the policy. It gives you access and privilege reports that analyze the sudo configuration file, user accounts and group memberships, as well as a list of the access and privileges that have been granted to users and systems through sudo.
- No training required – Your users can draw upon their existing sudo knowledge with plug-ins that extend sudo’s capabilities, thus avoiding training, realizing a faster time to value and minimizing calls to your help desk.
- Keystroke logging – Using the Privilege Manager for Sudo Keystroke Logging plug-in, you can track and log keystrokes of activities performed through sudo. The keystroke log gives you a comprehensive view of the activities performed and the commands that are executed across all systems. You can filter the report to help you quickly find the data you need.
- Separation of duty enforcement – Using the Management Console for Unix, you can enforce the concept of separation of duty (SoD). The console enables you to assign users to a role, and based on the role, only be allowed permissions to perform certain tasks.
- Sudo Offline Policy Cache – Provides your organization service continuity in the event of a network or server outage.
- Script compatibility – Ensures that your organization’s existing script files that include embedded sudo commands are compatible, avoiding the possibility of run failure and the potentially huge costs to test and fix scripts across multiple Unix systems.
The Privilege Manager for Sudo plug-ins require sudo 1.8.1 or later and will run on the following systems that have sudo installed.
The Management Console for Unix is browser-agnostic (supporting Internet Explorer, Firefox or Safari) and can be run from any Windows, Mac, Unix or Linux workstation.
Enterprise Linux 5 (Intel x86/x86 64, PowerPC 32/64 bit, IBM zSeries)
CentOS 5 and 6 (Intel x86/x86 64)
16,17, and 18 (Intel x86/x86 64)
OpenSUSE 10 and 11 (Intel x86/x86 64)
Debian GNU/Linux 6 (Intel x86/x86 64)
Oracle Linux 5 and 6 (Intel x86/x86 64)
Oracle VM 2
XenServer 5.6 and 6.0
VMware ESX Server
vSphere (ESX 4.0 and 4.1)
8, 9, 10, 11 11/11, and 11.1 (SPARC 32/64 bit / Intel x86/x86 64)
11.11, 11.23, 11.31 (PA-RISC 32/64 bit)
5.3, 6.1, and 7.1 (32/64 bit)
OSX 10.7 and 10.8
Quest One Privilege Manager for Sudo Overview videos
Quest One Privilege Manager for Sudo - Sudo access report
This report untangles the sudoers policy file by providing a simple-to-read report on what sudo privileges users have on what systems including an examination of aliases and group memberships.
Quest One Privilege Manager for Sudo - Sudo editor
Quickly and easily edit the sudoers policy.
Quest One Privilege Manager for Sudo - Sudo editor version
Easily view the different sudoers policy versions, when they were changed and who changed them, along with any comments.
Quest One Privilege Manager for Sudo - Sudo events 2
View all commands executed based on host and user with optional replay of keystroke logging.
Quest One Privilege Manager for Sudo - Sudo events 3
Search event logs based on user, host, time, policy group and even keywords.
Quest One Privilege Manager for Sudo - Sudo keystroke replay
Replay session logs down to the keystroke level (optional).
Quest One Privilege Manager for Sudo - Sudo local user events
See a bird’s-eye view of all your Unix accounts, manage them, and quickly search on any account for its sudo activities across multiple systems.
Quest One Privilege Manager for Sudo - Sudo readiness check
Check basic network conditions, connection to the policy server, support for offline policy cache and the current sudo installation.
Quest One Privilege Manager for Sudo - Sudo version report
See a detailed view of all sudo policy changes.