![Control Root Privileges](/assets/images/bt/blog-root-remedy-checklist.jpg)
- Provision and deprovision users
- useradd <username>
- usermod <username>
- userdel <username>
- Network maintenance
- ifconfig <interface> <parameters>
- netstat <parameters>
- route <parameters>
- Disk/Filesystem maintenance:
- mount <device> <path>
- umount <device>
- Df
- Kernel configuration
- echo <parameter> > /proc/kernel/<attribute>
- vi /etc/system
- vi /etc/sysconfig
- Kernel/App crashes
- sar <parameters>
- crash <parameters>
- Killing runaway or hung processes
- kill <signal> <process>
- ps <parameters>
- Software install / updates
- Fine-grain delegation to permit admins to perform only the tasks they need to perform.
- Support for time-based policies which ensures tasks are only performed during maintenance windows or after hours. This would ensure the privileges are only available during those times.
- Just-in-time approvals to permit admins to request a list of actions that can be approved by a manager or peers.
- A way to re-authenticate users or prompt for a second factor of authentication when performing highly sensitive operations or accessing sensitive information.
- Centralized policy management to simplify the management of policies across hundreds or thousands of servers.
- Centralized auditing to simplify compliance and speed up forensics.
- Controls to prevent users from circumventing the business policy and process.
- Allow the elevation and auditing for non-interact user activity like scripts and application processing.
- A way to integrate with IAM platforms for provisioning/de-provisioning so policies can be data-driven and managed with business automation.
- Security and compliance auditing will require extensive reporting of activities to ensure accountability and to identify rogue or unauthorized activity.
- Efficient way to locate suspect activity when doing a forensic investigation. This needs to take seconds vs. days or weeks to track down activity.
![Photograph of Paul Harper](https://assets.beyondtrust.com/assets/images/user-photos/pharper.png?auto=format&q=80)
Paul Harper, Product Manager, BeyondTrust
Paul Harper is product manager for Unix and Linux solutions at BeyondTrust, guiding the product strategy, go-to-market and development for PowerBroker for Unix & Linux, PowerBroker for Sudo and PowerBroker Identity Services. Prior to joining BeyondTrust, Paul was a senior architect at Quest Software/Dell. Paul has more than 20 years of experience in Unix/Linux operations and deployments.