From owner-freebsd-questions  Wed Apr  3 17:50:40 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mta05.mail.mel.aone.net.au (mta05.mail.au.uu.net [203.2.192.85])
	by hub.freebsd.org (Postfix) with ESMTP id 258FB37B41B
	for <freebsd-questions@freebsd.org>; Wed,  3 Apr 2002 17:50:36 -0800 (PST)
Received: from ausyddtp0050.ozemail.com.au ([203.166.67.234])
          by mta05.mail.mel.aone.net.au with ESMTP
          id <20020404015035.WJLP28869.mta05.mail.mel.aone.net.au@ausyddtp0050.ozemail.com.au>;
          Thu, 4 Apr 2002 11:50:35 +1000
Message-Id: <5.1.0.14.2.20020404114312.01c17020@pop.ozemail.com.au>
X-Sender: rbyrnes@pop.ozemail.com.au
X-Mailer: I wish it was Linux
Date: Thu, 04 Apr 2002 11:50:31 +1000
To: "Galella, Anthony" <anthony.galella@intel.com>
From: Rob B <rbyrnes@ozemail.com.au>
Subject: Re: verbose logging of root?
Cc: "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
In-Reply-To: <59F55CE047A6D51196360002A534A4AC3703E0@pysmsx102.py.intel.
 com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

At 03:06 4/04/2002, Galella, Anthony sent this up the stick:
>This is more of a Un*x question rather than FBSD specific.
>
>Is it possible to do extremely verbose logging of all everything done by
>root for security purposes?
>
>
>We ssh to the server and I can make ssh do verbose logging, but that logs
>every user, I just need to log from the point someone su's to root.

This is not a *direct* answer to your question, but an alternative suggestion.

Rather than letting users su to root, why not use a tool such as sudo 
(/usr/ports/admin/sudo)?  sudo will log every command, and has an extensive 
permissions system in it's conf file.  sudo also prevents every user who 
needs root permissions from knowing the root password, they simply use 
their own password.  sudo also logs any unauthorised usage.

Cheers,
Rob


--
Hey, go buy a plane ticket to another state of mind, okay?

[15200.8 km (8207.8 mi), 262.8 deg](Apparent) Rennerian
This is random quote 504 of a collection of 1223


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message