From owner-freebsd-questions Thu Nov 8 18:41:15 2001 Delivered-To: freebsd-questions@freebsd.org Received: from pr0n.kutulu.org (pr0n.kutulu.org [151.196.107.157]) by hub.freebsd.org (Postfix) with ESMTP id 4E69D37B41A for ; Thu, 8 Nov 2001 18:41:13 -0800 (PST) Received: from cc191573g (cc191573-g.longhill1.md.home.com [24.37.104.136]) by pr0n.kutulu.org (8.11.6/8.11.6) with SMTP id fA92ekk12811; Thu, 8 Nov 2001 21:40:47 -0500 (EST) (envelope-from kutulu@kutulu.org) Message-ID: <01aa01c168c7$40ca1290$88682518@longhill1.md.home.com> From: "Kutulu" To: "Andrew C. Hornback" , "Anthony Atkielski" Cc: "Giorgos Keramidas" , References: <013501c1687a$f47e47e0$6600000a@columbia> Subject: Re: Re[2]: Tiny starter configuration for FreeBSD Date: Thu, 8 Nov 2001 21:35:41 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > But... as it's been pointed out, logging in directly as root doesn't allow > for the audit trail in the logs that logging in as a user and then using > 'su' does. It can give you most of the same information, if you go to the trouble to log sshd logins: Nov 8 21:20:59 <4.6> xxxx sshd[12696]: Accepted publickey for root from 10.15.101.5 port 2890 ssh2 And in many cases, there are so few people who should be logging on as root (often it's just me, or perhaps me and one other person) that it's extremely easy to tell who did what. > Logging in as root from anywhere but the console is bad practice, IMHO. Some of us don't have the luxury of being anywhere near their consoles :) --K To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message