Superuser Privilege Management

Administrators are privileged with power

Granting administration rights to people should always be carefully planned. Still, a risk remains that someone abuses the information within your organisation or damages it unintentionally. The question is, how to restrict and supervise the usage of these privileges. After all, administrators have access to your organisation's most crucial information.

Keep administrator rights in control

Superuser Privilege Management leashes the power of administrators. The restriction of rights to individual tasks minimises the risk of abuse and accidents. If something goes wrong despite the precautions, detailed logging enables thorough investigation: who did what and when.

This is how Superuser Privilege Management works

Superuser Privilege Management is used for monitoring system administrators' activities on selected host machines. Daily administration tasks can be carried out with user-level accounts by permitting running of preselected privileged commands. All the activities are logged on a server, allowing a full replay of the administrators' shell sessions.

In a Superuser Privilege Management system (see figure below), an Agent software is installed on a Submit host and a Run host. The Agent performs command handling and user session logging. It is also possible to combine the functions of the Submit Host and the Run Host into a single server.

An administration service is installed on a Management Server. The administration service has a web interface used for configuring the hosts under control.

The log files are stored on the Management Server. In addition, when a privileged command is executed, it is logged on a log server using syslog logging feature.

This is how a command is handled step by step:

  1. The Administrator runs a privileged command on the Submit Host.
  2. The Submit Host queries the Management Server whether this command is permitted for the Administrator’s user account.
  3. Several rules define the activity restrictions based on criteria such as executed command, initiating user, target resource or time.
  4. The Management Server grants the authorisation and logs the activity.
  5. The Submit Host relays the command to the Run Host, which executes the requested activity.
  6. The Run Host writes log entries of the executed activity and its effects.

Securing a crucial service platform

An single-site organisation is running a high-availability service that needs to be duplicated. To maximise the availability, mirroring to a different site needs to be set up. A data centre service could be a solution but the administration could turn out tricky regarding security policies.

With Superuser Privilege Management, the maintenance can be safely left to the data centre administrators. This is enabled by restricting the tasks they can perform and logging all their activities. And, if a misuse is suspected, all the commands can be replayed.