Privileged UNIX accounts are a concern for auditors because of their enormous power and simultaneous lack of accountability. In UNIX and Linux, privilege can be established in two ways: by using a root account that acts as a full-access pass across the network, or by using a limited user account and adding sudo access to specific commands as needed to perform particular privileged tasks.
Both of these methods present security and compliance problems: managing who has access across multiple UNIX/Linux systems and controlling the use of the root accounts.
Implementing identity access management on UNIX can be difficult because either a federated identity system or a bridge to AD is needed to allow the mapping of AD accounts to UNIX identities. Some administrators will attempt to manually manage separate, unlinked local accounts for each user across multiple UNIX environments, or use a synchronization or provisioning tool to do so. Other teams may use generic shared accounts and then control access to those shared accounts. Either way, the solution needs to be manageable and provide irrefutable accountability for who is using the system and what they are doing.
Root accounts are the most powerful accounts on a UNIX system and, without a root management tool to bring accountability, cause three major problems for security and compliance:
- No safety net. For example, if Linux system administration is performed by an admin who is tired or a little careless, there is nothing preventing them from accidentally deleting a system file.
- No accountability. If a disgruntled employee uses the account with ulterior motives, there is no way to tell which employee caused the damage.
- Transfer of privilege. If an application is executed using a root account, that application inherits the full network privilege of root. Because applications can contain vulnerabilities, this creates a point of exploitation.
Ideally the use of UNIX root accounts is limited and utilities such as sudo are in place to raise privilege while keeping the user accountable. In the case of shared accounts, and for certain configuration changes, root access is still required. Access to both sudo and the root password needs to be controlled, and only one individual should know a password at any point in time to ensure there is accountability for any actions taken using the account. These accounts should also have their passwords rotated on a regular basis to prevent brute-force attacks on the password.
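As an added illustration of "raise privilege while keeping the user accountable" (example configuration written for this page, not taken from it or from any vendor product), the sudoers fragment below contrasts a blanket root grant with a policy that limits what can be elevated and records who did it. The user name jsmith, the group webops, the nginx service and the log paths are assumptions.

```sudoers
## Added example, not from the original page. Names and paths are assumed.

## Weak rule (accountability lost): every member of "admins" can run any
## command as root with no password prompt, so "sudo -i" hands out a full
## root shell and the audit trail stops at "became root".
# %admins ALL=(ALL) NOPASSWD: ALL

## Accountability settings, applied to every sudo invocation
## Run commands in a fresh pseudo-terminal so I/O logging cannot be bypassed
Defaults use_pty
## Record complete sessions (keystrokes and output) for later review
Defaults log_input, log_output
## One session log directory per user, so actions map to an individual
Defaults iolog_dir=/var/log/sudo-io/%{user}
## Plain-text record of who ran which command, when, and from where
Defaults logfile=/var/log/sudo.log
## Re-prompt for the user's own password after 5 minutes of inactivity
Defaults timestamp_timeout=5

## Explicit allow lists: exact binaries with exact arguments.
## sudo's own documentation warns that excluding commands from ALL with "!"
## is unreliable, so never start from ALL and subtract shells.
Cmnd_Alias SERVICE_CTL = /usr/bin/systemctl restart nginx, \
                         /usr/bin/systemctl reload nginx, \
                         /usr/bin/systemctl status nginx
Cmnd_Alias LOG_READ    = /usr/bin/journalctl -u nginx

## jsmith may elevate only for the listed tasks, never to a shell;
## each run is tied to the jsmith account in /var/log/sudo.log.
jsmith  ALL=(root) SERVICE_CTL, LOG_READ

## The webops group may restart the service without re-entering a
## password, but still only that command, and still logged per user.
%webops ALL=(root) NOPASSWD: SERVICE_CTL
```

Install such a fragment with visudo (or as a file under /etc/sudoers.d checked by visudo -c) so a syntax error cannot lock administrators out.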
Secret Server enables IT teams to control and monitor who has access to each privileged credential on the network. It includes automatic password rotation, password length and complexity enforcement, and full accountability through user audit trails and advanced access and oversight controls.