Quest One Privilege Manager for Sudo - Features

Quest One Privilege Manager for Sudo

  • Extend Sudo 1.8.1 – Enhance sudo with new capabilities that embrace and extend sudo by providing plug-ins (central policy server and keystroke logging) that fit into the sudo 1.8 modular framework.
  • Central Sudo Policy – Use a central service to enforce policy, removing the need for administrators to manage the deployment of sudoers on every system. This improves security and reduces administrative effort by centrally administering sudo and sudo policy for privileged account management across any number of Unix/Linux servers.
  • Centralized Reporting – Centralize reporting on sudo using a single platform: the Quest One Management Console for Unix. Available reports include access and privilege reports that analyze the sudo configuration file, user accounts and group memberships. Reports also provide a list of the access and privileges that have been granted to users and systems through sudo. The console also lets you track changes made to sudoers, including versioning, and the ability to revert to any previous version. This allows for a report that shows you who made what changes to the sudo policy file, and when. It also includes the ability to track who ran what sudo command across all managed systems, and whether the command was accepted or rejected based on the policy.
  • No Training Required – Avoid training and minimize calls to the help desk. Because plug-ins extend sudo’s capabilities, users will take advantage of their existing sudo knowledge and realize a faster time-to-value. Other privileged management solutions require learning new commands and syntax, resulting in more training and calls to the help desk.
  • Keystroke logging – Track and log keystrokes for administrators that perform activities through sudo using the Privilege Manager for Sudo Keystroke Logging plug-in. The keystroke log provides a comprehensive view of what activities are performed and the commands that are executed across all systems. The report can be filtered in many ways to help you quickly find the data you need. For example, you can filter on specific commands or for commands run during a specific time period.
  • Separation of Duty Enforcement – Enforce the concept of separation of duty (SoD) using the Quest One Management Console for Unix. The console enables users to be assigned to a role, and based on the role, only be allowed permissions to perform certain tasks. For example, the administrator may be allowed to modify the sudo policy, but not be allowed to view keystroke log recordings.
  • Sudo Offline Policy Cache – Provide continuity of service in the event of a network or server outage with Sudo Offline Policy Cache.
  • Script Compatibility – Ensure compatibility with existing script files that include embedded sudo commands. Because other privileged management solutions use different commands and syntax, existing scripts will likely fail to run, resulting in potentially huge costs to test and fix scripts across multiple Unix systems.
  • Centralized Management – Manage sudo using the Quest One Management Console for Unix, as well as additional Quest solutions, such as Authentication Services. The console provides a single point of administration for multiple Quest solutions to simplify administrator- and auditing-related activities across the entire Unix environment.