For almost 20 years, the open source utility Sudo has provided an efficient, practical way to give users permission to use specific system commands at the root level of Unix- and Linux-based systems without exposing the full root permission. Today’s organizations run a plethora of mission-critical applications for financials, human resources, Enterprise Resource Planning (ERP) and more on Unix and Linux servers, and, while the widely deployed Sudo gives certain employees access they need to do their jobs, it doesn’t include the increasingly heightened security and compliance features required by today’s compliance and security-driven enterprise. In addition, Sudo traditionally has been costly and cumbersome to manage. Quest Software now provides the solution to those problems with the release of the first plug-in to offer centralized management, reporting, and audit of Sudo and Sudo policy.
• Quest Software today introduces Quest® One Privilege Manager for Sudo, the first solution that ensures seamless, centralized and automated policy management of the Sudo open-source utility. This latest tool from the Quest® One Identity Solutions helps organizations meet compliance requirements simply, at a fraction of the cost of traditional “Sudo-replacement” options.
• Virtually every organization running Unix/Linux systems uses the open-source Sudo solution. Though revered by users, the lack of visibility and reporting natively available in Sudo does not meet many organizations’ security and compliance needs when it comes to managing and reporting on user access. While Sudo has a proven history of helping delegate the Unix root account to achieve privileged account management objectives, managing Sudo itself can be difficult. Sudo policy across multiple servers often is inconsistently written and executed, and Sudo does not include the ability to audit the important super user access and activities that are so critical to security and compliance initiatives.
• Sudo 1.8, released in March 2011, includes a new pluggable architecture that allows third-party plug-ins to be used with it—the first of which are the Quest One policy server and reporting, and keystroke logging plugins. This major update now lets organizations extend and enhance the capabilities of Sudo 1.8.1 and newer versions.
• Quest One Privilege Manager for Sudo takes advantage of this new pluggable framework to enable organizations using Sudo to achieve heightened security while better accommodating access control compliance requirements.
• Privilege Manager for Sudo enables users to continue to use Sudo as the enterprise-wide primary privileged account management solution for Unix/Linux systems. This results in no end user or administrator retraining requirements, fewer help desk calls and a faster time-to-value.
• Privilege Manager for Sudo provides a central policy server that eliminates the need for box-by-box management of sudoers, and offers visibility and relevant reports on Sudo policy and use, including access control; separation of duties; and policy tracking, versioning, and change history.
• Many scripts often have embedded Sudo commands, and traditional “Sudo-replacements” would require them all to be rewritten and redeployed. Because Privilege Manager for Sudo enhances Sudo instead of replacing it, none of that is necessary.
• Whether an organization has a few, dozens, hundreds or thousands of Unix/Linux servers, Privilege Manager for Sudo not only helps achieve compliance without breaking the budget, it improves efficiency with streamlined administration from a single, convenient console for managing Sudo, Active Directory bridge and enterprise root delegation.
• Quest One Privilege Manager for Sudo is available now, with North American pricing at $59 per server.
Nick Nikols, vice president and general manager, Identity, Security, and Windows Management business unit, Quest Software
“As the first to offer a policy and keystroke logging plug-in for Sudo, Quest is leading the charge in adding value for the vast number of organizations using Sudo worldwide. Quest One Privilege Manager for Sudo is another example of the compelling identity and access management solutions in the Quest One product portfolio, and reflects our leadership in providing organizations with the privileged account management tools they require to achieve and maintain compliance.”
Ben Bush, president, Voonami
“We manage several hundred Linux systems and, today, each one is running Sudo, with separate sudoers maintained on every system. By moving to a single, central policy, we save the overhead of administering Sudo on a box-by-box basis. As we continue to grow, a central model means we don’t need the overhead – today or in the future – for touching each system individually. Also, with Privilege Manager for Sudo, we can increase efficiency by using the same management console for both Sudo and Quest® Authentication Services, which we also own, eliminating the need to use one process for QAS and a different one for Sudo.”
Quest Software (Nasdaq: QSFT) simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our innovative solutions make solving the toughest IT management problems easier, enabling customers to save time and money across physical, virtual and cloud environments. For more information about Quest solutions for administration and automation, data protection, development and optimization, identity and access management, migration and consolidation, and performance monitoring, go to quest.com/.
Quest, Quest Software and the Quest logo are trademarks or registered trademarks of Quest Software in the United States and certain other countries. All other names mentioned herein may be trademarks of their respective owners.