Overcoming A Common Admin Black Hole: Linux Management

Written by David Worthington on January 17, 2022

Share This Article

Most IT infrastructure within a small to medium-sized enterprise (SME) runs heterogeneous environments with a combination of Windows and Mac desktops, embedded Linux, Linux servers, and mobile devices. Oftentimes Linux devices aren’t always managed, or are run in ad hoc lab environments by IT team members, and should not be left unchecked. 

Lack of visibility creates attack vectors (like unpatched systems and uncontrolled permissions) within the confines of the corporate network. This issue is compounded by the fact that many IT admins aren’t always proficient in Linux in particular, and may miss things for the sake of quickly setting up the system itself. For instance, one of my IT managers had a part-time intern creating custom programs on a Raspberry Pi that were unmanaged by Active Directory. Locking all of your doors and windows, but leaving a key underneath the welcome mat, doesn’t leave a home secure.

To solve this, JumpCloud provides visibility and governance across all major OSs, including Linux, with centralized governance and device management.

An Active Directory Admin’s Linux Black Hole

We’re all sinners, and I’m no different. In my former role as an IT director in manufacturing, my Windows devices were all protected with layered security controls, but the few Linux devices that we had in our fleet were a governance afterthought. For example, the IT manager’s desktop, the intern’s device on the factory floor was used for scanning labels, and a DVR system were all unmanaged when my tenure at the company began. 

I’ll admit that we never “got there” from a governance standpoint with those Linux devices; a silo was predestined because we were built around Active Directory domain controllers that shunned Linux devices. That approach created an IT management black hole and placed an inordinate amount of trust into those systems and the people who used them. My Linux devices lacked a secure configuration and anything resembling adequate visibility. Linux devices aren’t special unicorns: every OS should have a secure configuration and basic management.

This is where JumpCloud’s cloud directory stands out. It works cross-OS, without the veritable hydra of device management constraints that stem from legacy platforms that were initially engineered to focus on a single operating system. I recently wrote an article about JumpCloud’s new lock screen policy for Linux that delivers the same governance across devices, whether it be Linux or Windows. It’s a big deal, especially if you care about security. Managing Linux policies, patching Linux, and having access to security commands is vital for IT hygiene.

JumpCloud’s Linux Management Capabilities

JumpCloud’s Linux lock screen policy feature is significant in the work-from-anywhere world that exists today. A laptop that’s left accessible in a public place without that simple policy is a terrible idea, and the same holds true within a real office, with concerns about physical security on the rise. Lock screens are a technical control that prevents unauthorized access to IT assets, some of which might be an organization’s protected/classified information.

The lock screen policy is just one example of JumpCloud’s many standard, go-to policies that help admins better control and support remote Linux systems, which also include patch management. We recently released drive encryption and lock-screen policies to extend governance to Linux desktops. The JumpCloud console also allows for Sudo access via the system agent to run other custom commands. Just as importantly, System Insights provides an at-a-glance way to take stock of your suite of Linux devices, query endpoints, and compliance information and interrogate machines in a DevOps context to search for security vulnerabilities.

IT admins can also control Linux machines with security commands to lock, restart, shut down, and wipe devices remotely. That’s much more visibility and control than I ever had in my environment. Control is far better than an IT black hole where your only allies are hubris and some good old-fashioned luck.

Try Out Policy Management and System Insights

JumpCloud has Linux covered. Policy Management and System Insights are core platform components, and are available to every SME that adopts JumpCloud as its directory or extends Active Directory with a JumpCloud integration to manage Linux devices.

David Worthington

I'm the JumpCloud Champion for Product, Security. JumpCloud certified, security analyst, a one-time tech journalist, and former IT director.

Continue Learning with our Newsletter