suGUARD
suGUARD is a software tool designed to address
security, system access, and layered management. suGUARD adds flexible
and secure layered management capabilities to UNIX systems for control
of local and distributed applications, programs, and scripts. The
suGUARD command profile describes how to run a defined function,
and gives information on how, when, where and by whom this command
may be executed, including the ability to filter arguments.

suGUARD's features include the following:
- Create and maintain command profiles with an easy-to-use menu and Motif-based GUI program with context-sensitive help
- Use command line interface with script files to perform any menu program function, which can be run without operator intervention
- Establish security level and other privileges required to run a command
- Define requirements for user authentication
- Control access type (e.g. local, network, modem, r-command, batch queues...)
- Limit hosts on which and from which programs can be initiated
- Restrict access based on time-of-day and day-of-week
- Establish maximum runtime restrictions
- Automatically terminate inactive programs or scripts
- Set the UID and GID required to run the program
- Detect unauthorized changes to executable files
- Generate an extensive set of account and auditing reports
- Log all command execution attempts, including what, who, where, and when
- Optionally log each execution of a particular command, including the date, time, command name, executable program path, and arguments passed to the program or script
- Run an alarm script when a command is invoked outside of its parameters