Privilege Manager for Sudo

Centralized management and reporting for the sudoers policy file

Enhance Sudo 1.8.1 with a central policy server, centralized sudo management and reporting.

Privilege Manager for Sudo, part of the Privileged Access Suite for Unix, enables centralized management for sudoer policy files. Easily generate reports on sudoer access rights and activities, and keystroke logging of activities performed through sudo. With Privilege Manager for Sudo plug-ins, your organization can take privileged account management through sudo to the next level across a number of Unix/Linux servers.

Features

Quest One Privilege Manager for Sudo

  • Extend sudo – New capabilities allow your organization to extend sudo with plug-ins (central policy server and keystroke logging) that fit into the sudo modular framework.
  • Central sudo policy – Improves your organization’s security and eliminates your need to manage the deployment of subdoers on every system with a central service to administer sudo and sudo policy for privileged account management across a number of Unix/Linux servers.
  • Centralized management – You can manage sudo using the Management Console for Unix, which provides a single point of administration for multiple Dell solutions to simplify administrator- and auditing-related activities across the entire Unix environment.
  • Centralized reporting – Using the Management Console for Unix, your organization can centralize reporting on sudo with a single platform. The console enables you to track changes made to sudoers, including versioning, and reverting back to any previous version, allowing for a report that shows you who, what and when details regarding changes to the sudo policy file. It also lets you track who ran a specific sudo command across all managed systems, and whether it was accepted or rejected based on the policy. It gives you access and privilege reports that analyze the sudo configuration file, user accounts and group memberships, as well as a list of the access and privileges that have been granted to users and systems through sudo.
  • No training required – Your users can draw upon their existing sudo knowledge with plug-ins that extend sudo’s capabilities, thus avoiding training, realizing a faster time to value and minimizing calls to your help desk.
  • Keystroke logging – Using the Privilege Manager for Sudo Keystroke Logging plug-in, you can track and log keystrokes of activities performed through sudo. The keystroke log gives you a comprehensive view of the activities performed and the commands that are executed across all systems. You can filter the report to help you quickly find the data you need.
  • Separation of duty enforcement – Using the Management Console for Unix, you can enforce the concept of separation of duty (SoD). The console enables you to assign users to a role, and based on the role, only be allowed permissions to perform certain tasks.
  • Sudo Offline Policy Cache – Provides your organization service continuity in the event of a network or server outage.
  • Script compatibility – Ensures that your organization’s existing script files that include embedded sudo commands are compatible, avoiding the possibility of run failure and the potentially huge costs to test and fix scripts across multiple Unix systems.

Specifications

The Privilege Manager for Sudo plug-ins require sudo 1.8.1 or later and will run on the following systems that have sudo installed.

The Management Console for Unix is browser-agnostic (supporting Internet Explorer, Firefox or Safari) and can be run from any Windows, Mac, Unix or Linux workstation.

Operating System

Supported Version

Linux

Red Hat®

Enterprise Linux 5 (Intel x86/x86 64, PowerPC 32/64 bit, IBM zSeries)
Enterprise Linux 6 (Intel x86/x86 64, PowerPC 32/64 bit, IBM zSeries)

CentOS

CentOS 5 and 6 (Intel x86/x86 64)

Fedora

16,17, and 18 (Intel x86/x86 64)

SUSE® Linux

OpenSUSE 10 and 11 (Intel x86/x86 64)
Enterprise Desktop 10 and 11 (Intel x86/x86 64)
Enterprise Server 10 and 11 (Intel x86/x86 64, PowerPC 32/64 bit, IBM zSeries)

Debian/Ubuntu

Debian GNU/Linux 6 (Intel x86/x86 64)
Ubuntu 10.04 LTS, 11.10, 12.04, 12.10 (Intel x86/x86 64)

Oracle Linux

Oracle Linux 5 and 6 (Intel x86/x86 64)

Oracle VM

Oracle VM 2

XenServer

XenServer 5.6 and 6.0

VMware ESX Server

vSphere (ESX 4.0 and 4.1)

Solaris

Sun® Solaris

8, 9, 10, 11 11/11, and 11.1 (SPARC 32/64 bit / Intel x86/x86 64)

HP-UX

HP® HP-UX

11.11, 11.23, 11.31 (PA-RISC 32/64 bit)
11.22, 11.23, 11.31 (IA64 32/64 bit)

AIX

IBM® AIX

5.3, 6.1, and 7.1 (32/64 bit)

Mac OSX

OSX 10.7 and 10.8

Resources

Screenshots

loading

Quest One Privilege Manager for Sudo

Take a tour of key functionality in Quest One Privilege Manager for Sudo interface to experience its capabilities and ease of use.

Take a Screenshot Tour

Quest One Privilege Manager for Sudo - Sudo access report

Quest One Privilege Manager for Sudo Sudo Access Report

This report untangles the sudoers policy file by providing a simple-to-read report on what sudo privileges users have on what systems including an examination of aliases and group memberships.

Quest One Privilege Manager for Sudo - Sudo editor

Quest One Privilege Manager for Sudo Sudo editor

Quickly and easily edit the sudoers policy.

Quest One Privilege Manager for Sudo - Sudo editor version

Quest One Privilege Manager for Sudo Sudo editor version

Easily view the different sudoers policy versions, when they were changed and who changed them, along with any comments.

Quest One Privilege Manager for Sudo - Sudo events 2

Quest One Privilege Manager for Sudo Sudo events2

View all commands executed based on host and user with optional replay of keystroke logging.

Quest One Privilege Manager for Sudo - Sudo events 3

Quest One Privilege Manager for Sudo Mailbox Inventory Report

Search event logs based on user, host, time, policy group and even keywords.

Quest One Privilege Manager for Sudo - Sudo keystroke replay

Quest One Privilege Manager for Sudo Sudo keystroke replay

Replay session logs down to the keystroke level (optional).

Quest One Privilege Manager for Sudo - Sudo local user events

Quest One Privilege Manager for Sudo - Sudo local user events

See a bird’s-eye view of all your Unix accounts, manage them, and quickly search on any account for its sudo activities across multiple systems.

Quest One Privilege Manager for Sudo - Sudo readiness check

Quest One Privilege Manager for Sudo Sudo readiness check

Check basic network conditions, connection to the policy server, support for offline policy cache and the current sudo installation.

Quest One Privilege Manager for Sudo - Sudo version report

Quest One Privilege Manager for Sudo Sudo version report

See a detailed view of all sudo policy changes.