Root access loggin

Ronald Klop ronald-freebsd8 at klop.yi.org
Mon Jul 30 13:21:02 UTC 2007


On Mon, 30 Jul 2007 15:11:06 +0200, Eric Crist <mnslinky at gmail.com> wrote:

> On Jul 30, 2007, at 7:34 AMJul 30, 2007, Adam J Richardson wrote:
>
>> Tom Evans wrote:
>>> This seems great in principle, but of course, you just gave them a root
>>> shell, and so they can delete their log file easily enough...
>>
>> You could have cron email it to you every 5 minutes. Unlikely he'd  
>> check the crontab immediately, unless he was really bent on the  
>> system's destruction. Likely you'd have at least some evidence of his  
>> behaviour. Of course your email box would fill up quickly.
>>
>> Adam J Richardson
>>
>
> Tom,
>
> If you're really all that worried about this, don't give them root  
> access.  You could simply sit at the console with them while they work.   
> IIRC, they're a contractor, not an employee.  Your presence during such  
> operations wouldn't be abnormal for a contractor.

I don't have the original post of this, so I don't know the details, but  
this sounds like a good project for remote audit logging. Or is that only  
in FreeBSD 7?
Or use accounting: accton(8).

Is it possible to setup an accounting file as an named pipe, to log to a  
remote host?

Ronald.

-- 
  Ronald Klop
  Amsterdam, The Netherlands


More information about the freebsd-questions mailing list