PowerBroker for Linux: Managing Access One Task at a Time

Symark makes security administration solutions for heterogeneous IT environments. PowerBroker provides Unix and Linux workstations and networks with increased security and accountability by delegating administrative privileges and granting selective access to corporate resources without disclosing the root password. This reduces the risk of accidental damage and the threat of malicious activities.

"Our multi-platform support shows a growing trend of customers who have Unix and Linux mixed systems. This product gives them a better return on their investment," Ellen Libenson, vice president of product management at Symark Software, told LinuxInsider.

What It Does

PowerBroker allows administrative tasks such as managing system programs, performing backups and adding new users to be delegated to individuals or groups at a granular level. The program also protects the root account, which is the most targeted user account, from both external and internal threats.

Entitlement Reporting, a new feature, enables seamless reporting on the commands that users are authorized to perform on specific systems. This feature is driven by audit requirements and compliance standards.

This provides system administrators with a quick way to get a report on the commands that various users can run on a Linux system, Libenson said. Administrators can abstract report results in a variety of terms.

"People shouldn't have the same permissions on the same machines if their jobs don't warrant it," Libenson said.

Better Control

Another new feature, Access Control Lists, simplifies the definition of access privileges. It uses lists to enable system administrators to specify the most commonly used access control mechanisms for users.

The Access Control Lists manages privileges by user, systems, command and most other policy parameters. It also lets admins quickly create limitations on access for each user by time of day.

Better access control cuts down on the script writing system administrators have to do by allowing them to set access policies by using canned scripts.

"Many system administrators have a heavy Windows background but are not programmers," said Libenson. "We get lots of support calls for guidance on doing this."

Other Features

Power Broker 5.0 synchronizes and aggregates log data from multiple machines so the system administrator can review logs from a central location on the same server. It also consolidates disconnected event and input/output logs following any failure or outage.

An updated browser-based graphic user interface (GUI) allows administrators to perform routine management tasks without having to know complex command-line functions and switches. It provides a more intuitive user interface that contains PowerBroker system settings maintenance, policy maintenance, reporting functionality and other features.

The Centralized Logging feature records keystrokes. This creates lots of data, noted Libenson, adding that usually one person has to review all the logs looking for anomalies. Power Broker 5.0 deceases system administrators' overhead because it can search and spot anomalies more quickly.

Regulatory Safety

"Audit compliance is easier with PowerBroker 5.0 because the program's reporting structure shows regulators that users have a handle on security," said Libenson.

PowerBroker shows auditors that the company using the program has segregation of duties and a secure infrastructure, she said.

PowerBroker is available as a free upgrade for existing users with an extended support contract.

For new users the price is based on volume use.