From owner-freebsd-questions@FreeBSD.ORG  Mon Jul 30 13:21:02 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 45CC616A41A
	for <freebsd-questions@freebsd.org>;
	Mon, 30 Jul 2007 13:21:02 +0000 (UTC)
	(envelope-from ronald-freebsd8@klop.yi.org)
Received: from smtp-out2.tiscali.nl (smtp-out2.tiscali.nl [195.241.79.177])
	by mx1.freebsd.org (Postfix) with ESMTP id 0C59113C4DE
	for <freebsd-questions@freebsd.org>;
	Mon, 30 Jul 2007 13:21:02 +0000 (UTC)
	(envelope-from ronald-freebsd8@klop.yi.org)
Received: from [82.171.39.195] (helo=guido.klop.ws)
	by smtp-out2.tiscali.nl with smtp (Tiscali http://www.tiscali.nl)
	id 1IFVBE-0008Vf-Ln
	for <freebsd-questions@freebsd.org>; Mon, 30 Jul 2007 15:21:00 +0200
Received: (qmail 94891 invoked from network); 30 Jul 2007 13:20:50 -0000
Received: from localhost (HELO guido.klop.ws) (127.0.0.1)
	by localhost with SMTP; 30 Jul 2007 13:20:50 -0000
Date: Mon, 30 Jul 2007 15:20:49 +0200
To: "Eric Crist" <mnslinky@gmail.com>,
	"Adam J Richardson" <fatman.uk@gmail.com>
From: "Ronald Klop" <ronald-freebsd8@klop.yi.org>
Content-Type: text/plain; format=flowed; delsp=yes; charset=us-ascii
MIME-Version: 1.0
References: <050b01c7ce16$960a0570$6400a8c0@msdi.local>
	<1185794014.1444.7.camel@localhost>
	<46ADDAC2.3010404@crackmonkey.us>
	<AE852C96-F0CB-4737-BA3E-428E2AFA88BD@gmail.com>
Content-Transfer-Encoding: 7bit
Message-ID: <op.tv94oz0p8527sy@guido.klop.ws>
In-Reply-To: <AE852C96-F0CB-4737-BA3E-428E2AFA88BD@gmail.com>
User-Agent: Opera Mail/9.22 (FreeBSD)
Cc: Tom Evans <tevans.uk@googlemail.com>, freebsd-questions@freebsd.org,
	Ian Lord <mailing-lists@msdi.ca>
Subject: Re: Root access loggin
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2007 13:21:02 -0000

On Mon, 30 Jul 2007 15:11:06 +0200, Eric Crist <mnslinky@gmail.com> wrote:

> On Jul 30, 2007, at 7:34 AMJul 30, 2007, Adam J Richardson wrote:
>
>> Tom Evans wrote:
>>> This seems great in principle, but of course, you just gave them a root
>>> shell, and so they can delete their log file easily enough...
>>
>> You could have cron email it to you every 5 minutes. Unlikely he'd  
>> check the crontab immediately, unless he was really bent on the  
>> system's destruction. Likely you'd have at least some evidence of his  
>> behaviour. Of course your email box would fill up quickly.
>>
>> Adam J Richardson
>>
>
> Tom,
>
> If you're really all that worried about this, don't give them root  
> access.  You could simply sit at the console with them while they work.   
> IIRC, they're a contractor, not an employee.  Your presence during such  
> operations wouldn't be abnormal for a contractor.

I don't have the original post of this, so I don't know the details, but  
this sounds like a good project for remote audit logging. Or is that only  
in FreeBSD 7?
Or use accounting: accton(8).

Is it possible to setup an accounting file as an named pipe, to log to a  
remote host?

Ronald.

-- 
  Ronald Klop
  Amsterdam, The Netherlands