MasterSAM Secure @ Unix/Linux

“Ever since we implemented MasterSAM Secure @ UNIX/LINUX, we don’t use SU or SUDO anymore as MasterSAM introduced us much more effective approach by using privilege escalation and menu-based access control.”

- Head of Data Centre Operation, Telecommunication Industry





MasterSAM Secure @ Unix/Linux


In Unix/Linux environment, SU and SUDO utilities are popularly being used to facilitate the privileged operation and administration. Users would need to supply the root’s password during the switch of account and profile to root privilege. Thereafter, they will have full administrative rights on the operating system, they can even switch to any other privileged account without the needs to supply its password. Once compromised, the damage is rather huge. Organizations should take proactive approach and implement control to ensure that only authorized users are given the privileged access within a specific duration, not at permanent basis. Root’s credential should not be exposed to users at all time, until break glass or disaster scenario. Apart from that, it is best to restrict certain group of users such as operator to access SHELL with the opportunity of command execution.

Is that possible one can login to Unix/Linux server at different ways, besides using the traditional and native client called putty.exe? The answer is – YES. Regardless how strong your network control is, you can never rule out the possibility of someone that tries to login at the console level, or leap-frogging with multiple hops.

MasterSAM Secure @ Unix/Linux is designed for organizations to enforce least privilege principle and apply stringent granular access control over critical system objects, including menu based access. Its surveillance engine provides full transparency and accountability, ensures that each access to the server – regardless the methods of login, either with privilege or normal rights, it is subject for monitoring and control.


Supported Platforms:
• AIX 5.1 and above
bull; HP-UX 11.11 and above
• Solaris 8 and above, x86 or SPARC
• Redhat 2.1 and above
• CentOS 6 and above
• SUSE 9 and above
• Ubuntu
• Other common Linux flavours

Least Privilege Principle
  • Ensure users are assigned with the least privilege by default
  • Reduce the risk of attack surface for users that are granted with full administrator rights at all time
  • Best practice for industry and compliance regulations
Role Based & Dynamic Privilege Escalation
  • Flexible & intuitive management of privileges according to user’s role
  • On demand privilege escalation based on authorized period
  • No involvement of privileged password
Centralised Management & Session Control
  • Connected and managed centrally via MasterSAM Privilege Management System (PMS)
  • Option to automatically terminate user session upon exceeding the approved duration, or allow session continuity with exceptional alert
100% Surveillance Engine For User Session Recording
  • Record each access to server – regardless methods of login (remote, console, leapfrogging)
  • Compensating control to track users that bypass the authorized gateway/proxy
  • Option to record all users’ activities – with or without privileged access
  • • Achieve full transparency and disclosure
In-depth Granular Access Control
  • Restrict system object access on command level
  • Support whitelist & blacklist rules
  • Restrict permission and access during file transfer
  • Non-intrusive and works on top of Unix permission and access control
  • Immediate enforcement without re-login
  • Enforcement still intact despite connection failure with centralised management server
Compliance & System Integrity Check
  • Detect dormant accounts with specific inactive period and their associated services
  • Detect users with root equivalent rights (UID=0)
  • Detect non-compliant servers against simple & restricted password dictionary
  • Detect disabled service running
  • Detect syslog service status