Root access loggin
Ronald Klop
ronald-freebsd8 at klop.yi.org
Mon Jul 30 13:21:02 UTC 2007
On Mon, 30 Jul 2007 15:11:06 +0200, Eric Crist <mnslinky at gmail.com> wrote:
> On Jul 30, 2007, at 7:34 AMJul 30, 2007, Adam J Richardson wrote:
>
>> Tom Evans wrote:
>>> This seems great in principle, but of course, you just gave them a root
>>> shell, and so they can delete their log file easily enough...
>>
>> You could have cron email it to you every 5 minutes. Unlikely he'd
>> check the crontab immediately, unless he was really bent on the
>> system's destruction. Likely you'd have at least some evidence of his
>> behaviour. Of course your email box would fill up quickly.
>>
>> Adam J Richardson
>>
>
> Tom,
>
> If you're really all that worried about this, don't give them root
> access. You could simply sit at the console with them while they work.
> IIRC, they're a contractor, not an employee. Your presence during such
> operations wouldn't be abnormal for a contractor.
I don't have the original post of this, so I don't know the details, but
this sounds like a good project for remote audit logging. Or is that only
in FreeBSD 7?
Or use accounting: accton(8).
Is it possible to setup an accounting file as an named pipe, to log to a
remote host?
Ronald.
--
Ronald Klop
Amsterdam, The Netherlands
More information about the freebsd-questions
mailing list