On Wed, Apr 30, 2003 at 01:32:12AM +0200, David Jardine wrote:
> On Wed, Apr 30, 2003 at 03:28:37AM +1000, bob parker wrote:
> > the problem with logging in as
> > root means that everything you do is done silently.
> >
> > When you `sudo whatever command` your actions will be logged, so if you do
> > stuff anything you can view the logs to see what you did.
>
> Is this something more than bash_history?

Yes. It goes to /var/log/auth.log.

> > I use logcheck with the output mailed to me. Everything I do with
> > sudo comes back to me for review.
>
> Did you have to set this up specially? I don't remember others
> mentioning it in this thread as the great advantage of doing it the
> proper way. And since the point seems to be that logging in as root
> has the potential to blow your system to smithereens, reading how it
> was done wouldn't be all that much of a consolation.

I don't know, but I imagine it would be quite easy to have logcheck
email you lines that look like this:

Apr 30 23:09:31 thebox sudo: rob : TTY=pts/19 ; PWD=/home/rob/ ; USER=root ; COMMAND=/bin/ls

-- 
Rob Weir <rweir@ertius.org> http://www.ertius.org/
GPG keys: 1024D/1E73B7CD, 4096R/3ABDE5EC | Do I look like I want a CC?
Words of the day: InfoSec condor Firefly cypherpunk Freeh Maple Exon Shell
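Added example, not part of the original message and not code from sudo or logcheck: a Python parser that pulls the sudo entries in the format quoted above out of auth.log text and builds a short review report. The function names are hypothetical, every sample line except the first is constructed, and the denied-attempt format (a reason placed before `TTY=`) is an assumption about how sudo logs failures.

```python
import re

# First line is the one quoted in the message; the rest are constructed samples.
SAMPLE_LOG = """\
Apr 30 23:09:31 thebox sudo: rob : TTY=pts/19 ; PWD=/home/rob/ ; USER=root ; COMMAND=/bin/ls
Apr 30 23:10:02 thebox sshd[812]: Accepted publickey for rob from 192.0.2.10 port 4022 ssh2
Apr 30 23:11:47 thebox sudo: rob : TTY=pts/19 ; PWD=/home/rob/ ; USER=root ; COMMAND=/bin/sh -c echo a ; echo b
Apr 30 23:12:05 thebox sudo: alice : 3 incorrect password attempts ; TTY=pts/20 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
"""

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<invoker>\S+)\s:\s"
    # Assumed format: an optional reason such as a password failure before TTY=.
    r"(?:(?P<note>[^;=]+?)\s;\s)?"
    r"TTY=(?P<tty>\S+)\s;\sPWD=(?P<pwd>.*?)\s;\sUSER=(?P<runas>\S+)\s;\s"
    # COMMAND is the last field and may itself contain " ; ", so take the rest.
    r"COMMAND=(?P<command>.*)$"
)


def parse_sudo_line(line):
    """Return a dict of fields for a sudo syslog line, or None for other lines."""
    m = SUDO_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def sudo_events(log_text):
    """Parse every sudo line in a block of auth.log text, skipping the rest."""
    return [e for e in map(parse_sudo_line, log_text.splitlines()) if e]


def review_report(events):
    """One line per event, with denied attempts sorted to the top."""
    ordered = sorted(events, key=lambda e: e["note"] is None)
    return [
        "{flag} {ts} {invoker} -> {runas} in {pwd}: {command}".format(
            flag="DENIED" if e["note"] else "ok    ", **e)
        for e in ordered
    ]


if __name__ == "__main__":
    print("\n".join(review_report(sudo_events(SAMPLE_LOG))))
```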