Date:      Thu, 04 Apr 2002 11:50:31 +1000
From:      Rob B <rbyrnes@ozemail.com.au>
To:        "Galella, Anthony" <anthony.galella@intel.com>
Cc:        "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject:   Re: verbose logging of root?
Message-ID:  <5.1.0.14.2.20020404114312.01c17020@pop.ozemail.com.au>
In-Reply-To: <59F55CE047A6D51196360002A534A4AC3703E0@pysmsx102.py.intel.com>

At 03:06 4/04/2002, Galella, Anthony sent this up the stick:
>This is more of a Un*x question rather than FBSD specific.
>
>Is it possible to do extremely verbose logging of everything done by
>root for security purposes?
>
>
>We ssh to the server and I can make ssh do verbose logging, but that logs
>every user, I just need to log from the point someone su's to root.

This is not a *direct* answer to your question, but an alternative suggestion.

Rather than letting users su to root, why not use a tool such as sudo 
(/usr/ports/admin/sudo)?  sudo will log every command, and has an extensive 
permissions system in its conf file.  sudo also prevents every user who 
needs root permissions from knowing the root password, they simply use 
their own password.  sudo also logs any unauthorised usage.

Cheers,
Rob


--
Hey, go buy a plane ticket to another state of mind, okay?

[15200.8 km (8207.8 mi), 262.8 deg](Apparent) Rennerian
This is random quote 504 of a collection of 1223
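
What reviewing sudo's command log can look like, as an added example that is not part of the original message: a Python script that parses sudo's syslog lines and separates permitted commands from denied attempts. The log lines, host name and user names are constructed samples, and where sudo's messages end up depends on the local syslog configuration.

```python
import re
from collections import defaultdict

# Constructed sample lines in sudo's syslog format (host, users and commands are made up).
SAMPLE_LOG = """\
Apr  4 11:02:10 gw sudo:    alice : TTY=ttyp0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
Apr  4 11:05:41 gw sudo:      bob : user NOT in sudoers ; TTY=ttyp1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/sh
Apr  4 11:07:03 gw sudo:    carol : command not allowed ; TTY=ttyp2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/vi /etc/master.passwd
Apr  4 11:09:55 gw sudo:    alice : 3 incorrect password attempts ; TTY=ttyp0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/reboot
Apr  4 11:10:00 gw sshd[412]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
"""

# "sudo:" (optionally "sudo[pid]:"), the invoking user, then " : " and the fields.
LINE_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<body>.*)$")

def parse_sudo_line(line):
    """Return a dict for a sudo log line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # COMMAND is the last field and may itself contain " ; ", so split it off first.
    head, _, command = m.group("body").partition(" ; COMMAND=")
    event = {"user": m.group("user"), "reason": None, "COMMAND": command}
    for part in head.split(" ; "):
        key, sep, value = part.partition("=")
        if sep and key.isupper():
            event[key] = value          # TTY, PWD, USER
        else:
            event["reason"] = part      # free-text field, present only on failures
    return event

def summarize(log_text):
    """Group permitted commands and denied attempts by invoking user."""
    allowed, denied = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event is None:
            continue
        bucket = denied if event["reason"] else allowed
        bucket[event["user"]].append((event["reason"], event["COMMAND"]))
    return dict(allowed), dict(denied)

if __name__ == "__main__":
    ok, bad = summarize(SAMPLE_LOG)
    for user, items in bad.items():
        for reason, cmd in items:
            print(f"DENIED {user}: {reason}: {cmd}")
```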

