
Controlling, Delegating, Logging and Auditing Root Actions with Symark PowerBroker

By : Symark
INFORMATION
Published : Oct 26, 2005
Length : 9
Type : White Paper
 
Overview :
This document discusses the use of Symark PowerBroker software to address some of the security and audit problems inherent in Unix. The purpose of the document is to demonstrate the value of Symark PowerBroker as a tool for eliminating or reducing risk in environments where information security and risk avoidance are considered important.

Symark PowerBroker

Symark PowerBroker is a suite of programs that provides important functionality not otherwise available on Unix systems. The suite encompasses two areas. First, it allows the full administrative powers of the root and other administrative accounts to be shared selectively among many users without having to share the root password. Second, it provides a full and indelible audit trail of all actions occurring in important accounts such as root. An indelible audit trail is one so structured that it cannot be modified after it is created, and thus does not permit anyone to conceal or obfuscate what has happened. Until Symark PowerBroker, no tools existed to provide this functionality in Unix networks. As a result, companies running Unix have been limited in their ability to share administrative power and have been open to risk from the essentially unauditable actions of system administrators.


Having the ability to share access to the root account selectively without sharing the root password allows system administration to be safely delegated among many users. Each user can be given the power to perform only those administrative actions that fall under that user's responsibility. Without Symark PowerBroker, any user requiring even the slightest amount of administrative power must be given the root password, which gives them access to the full power of root. Thus a person who should only be responsible for mounting disks and tapes would in fact be able to modify corporate databases, reboot machines, add users, and so on. Similarly, someone who should only be able to add or delete users on the system would also be able to kill other users' jobs, impersonate other users, etc. Symark PowerBroker prevents these abuses from occurring, while still allowing people access to the administrative power that they need for the legitimate functions they are to perform.


Maintaining a full and complete audit trail of administrative actions allows sites to track exactly which actions have been undertaken by which people, when, and on which machines. Symark PowerBroker's audit logs are sufficiently complete to contain a full record of the working environment of each administrative program. Included with Symark PowerBroker are programs to query, extract, and present information selectively from the log files.

Log files may also be viewed using a standard web browser and therefore, if required, can be viewed by the administrator from any convenient location. Further, Symark PowerBroker can record keystrokes and replay an entire root session, allowing an after-the-fact look at exactly what a user typed and what was seen on the screen during a session. Without Symark PowerBroker, no way of creating such an indelible record of administrative actions exists in Unix.

Generally speaking, Symark PowerBroker increases the level of control and accountability surrounding the root account on a Unix system, with the goal of allowing Unix sites to better make use of their systems. In particular, Symark PowerBroker is designed to add the following functionality to Unix so that safe, accountable system administration procedures can be implemented:


Selective Access to Administrative Power

Provides the ability to selectively assign administrative powers to specified users.

Generation of Indelible Audit Trails

Provides the ability to log indelibly (for audit purposes) all administrative actions.

Provides the ability to record and replay administrative sessions to obtain an accurate record of everything typed and seen during such sessions.

Protection Against Viruses

Provides a mechanism to protect system administrators from viruses and Trojan horses.

Central Management of Heterogeneous Networks

Provides all of these functions across a (possibly heterogeneous) network, with central configuration and management, and with full fault tolerance (no single point of failure).


How Symark PowerBroker Works


Symark PowerBroker is a set of programs, daemons, and configuration files for Unix systems. Users ask Symark PowerBroker to run programs for them, usually as root. Symark PowerBroker consults one or more central machines to determine if the user's request should be accepted or rejected. If accepted, the program is run, and the user can interact with it in a normal manner. If rejected, the program is not run, and the user is informed that the request is not allowed under the site's policies. In either case, a full log of the request and its outcome is stored on a specified machine.
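A minimal model of the request flow described above, as an added example: it is not Symark PowerBroker code and does not use its policy language. The policy table, user and host names, and the hash-chained log format are assumptions chosen to show per-user delegation, logging of both accepted and rejected requests, and detection of later edits to the log.

```python
import hashlib
import json

# Hypothetical policy: user -> allowed argv prefixes (constructed sample data).
POLICY = {
    "alice": [["/sbin/mount"], ["/sbin/umount"]],
    "bob": [["/usr/sbin/useradd"], ["/usr/sbin/userdel"]],
}
GENESIS = "0" * 64  # "previous digest" value for the first log entry


def _digest(body):
    """SHA-256 over a canonical JSON encoding of the entry body."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def decide(user, argv):
    """Accept only if argv starts with a prefix delegated to this user."""
    return any(argv[:len(p)] == p for p in POLICY.get(user, []))


def request(log, user, host, argv):
    """Decide, then log the request and its outcome whether accepted or not."""
    accepted = decide(user, argv)
    prev = log[-1]["digest"] if log else GENESIS
    body = {"user": user, "host": host, "argv": argv,
            "accepted": accepted, "prev": prev}
    log.append({**body, "digest": _digest(body)})
    return accepted


def verify(log):
    """Return the index of the first entry that breaks the chain, or -1."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "digest"}
        if entry["prev"] != prev or entry["digest"] != _digest(body):
            return i
        prev = entry["digest"]
    return -1
```

A hash chain only makes edits detectable; keeping the log on a separate machine, as the paragraph above describes, is what stops a user with local root from rewriting the whole chain.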
