PUMX


[Figure: PUMX flow diagram]

Organizations using Sudo may implement Privileged User Manager® (“PUM”) without significantly affecting the way that their super users currently access the Managed Servers. The PUMX utility supplied with PUM simulates the use of Sudo so that super users may continue to access the Managed Servers directly, replacing the ‘sudo’ prefix to commands with ‘pumx’. Alternatively, if sudo is symbolically linked to pumx, users can continue to use the ‘sudo’ prefix, and no changes in operation are required at all. In all other ways the PUMX utility appears to the user to work exactly the same as Sudo.

Instead of authenticating the commands against the local or remote sudoers file, the commands entered are validated by one or more PUM Access Servers.  Communication with the Access Servers is via SSH.  All auditing of commands and, optionally, the information returned, is also centralized.

In this way, all access policy for privileged users can be defined centrally via the PUMAdmin web browser user interface, but access to the Managed Servers can continue to be local, with minimal disruption for systems administrators who are currently using Sudo.

PUMX offers the following features:

  • Sudo-compatible utility – PUMX is based on the Sudo code-base;
  • Uses SSH to communicate with PUM Access Server(s);
  • Allows for Access Policy to be defined centrally;
  • Access Policy may differ for the same User on different Managed Servers, or at different times;
  • Centralized, encrypted, indelible audit trail – not accessible to any normal user, nor held in clear text as with Sudo;
  • Audits both input and output (Sudo just audits input);
  • Role-based access control – following ITIL, COBIT and ISO 27001 best practice.