One Identity, a proven leader in identity-centred security and the corporate sponsor of the open source Sudo project, announced that a new version of Sudo that enables Sudo to be risk-aware, among other features. It adds security measures and extensibility needed for effective management of privileged access. Sudo 1.9, which is available immediately, enables central collection of Sudo logs, provides additional plugins for audit and approval, and allows Sudo plugins to be written in Python. Organisations can increasingly leverage Sudo to manage the use of privileges across systems and can audit that use for increased visibility into privileged access with these and other enhancements.
To give certain users the ability to run commands as another user, Sudo is a widely distributed open source application that allows a systems administrator to delegate privileges. Common uses of Sudo include installation of certain applications and changing of systems settings and controls. The capabilities and possibilities of Sudo served as the topic for a widely popular One Identity-led session at this year’s RSA Conference.
Sudo 1.9 enhancements enable Sudo functions to drive key IT and security strategies:
Centralised Logging: Whereas previously Sudo I/O logs were only stored locally, Sudo 1.9 includes a log server which can be used to consolidate and simplify logging.
Rich Auditing: Third-party software providers can leverage the audit plugin to write a third-party plugin to pull detailed data from Sudo sessions, aiding in auditing and best-practice review. For example, an audit plugin can access full details of the invoking user and the full execution environment for the given command.
Just-in-time Command Approval: This enables third-party plugins to be written that would provide the ability for administrators the option to enable just-in-time authorisations for Sudo commands adding an additional layer of security.
Python Plugin Support: Sudo 1.9 adds support for third-party Sudo plugins written in Python. Some available Python plugins can be found at: https://github.com/OneIdentity
"Sudo 1.9 introduces new features that are particularly useful in an enterprise environment. From centralised keystroke logging to a more accessible plugin framework, version 1.9 creates a wealth of new possibilities when it comes to security and compliance" said Todd Miller, software developer senior engineer at One Identity, developer and maintainer of the open source Sudo project. "Sudo's flexibility and ubiquity make it a key component of a company's identity and access management strategy."
In response to the recent Sudo release, product manager for the privileged access management portfolio at One Identity Tyler Reese remarked, “One Identity has been a corporate sponsor of Sudo for more than 10 years. We are excited to sponsor another major release of Sudo that brings additional functionality to the community, allowing users to better protect and enhance monitoring their systems. This new version of Sudo changes the game how organisations can control risk in their UNIX and Linux environments.”