On Mon, Sep 16, 2013 at 07:48:14AM -0400, Jiri B wrote:
> On Mon, Sep 16, 2013 at 01:33:33PM +0200, Bret Lambert wrote:
> > On Mon, Sep 16, 2013 at 01:31:58PM +0200, Bret Lambert wrote:
> > > On Mon, Sep 16, 2013 at 07:28:21AM -0400, Jiri B wrote:
> > > > Usual unix process accounting does not take care about commands' args.
> > > > Anyway, you probably won't care about what normal users execute, you
> > > > probably want that only for admins/root. Then I would propose to build
> > > > a server with conserve (console server) which would be used as source
> > > > host to ssh/console to destination servers for admins/root. conserve
> > > > can save sessions in text form, you could have a filter and send it via
> > > > syslog/whatever to central logging server.
> > >
> > > Why make shit more difficult than it need be? From the sudo man page:
> > >
> > > sudo also supports logging a command's input and output streams.
> >
> > Er, I meant to copy
> >
> > sudo can log both successful and unsuccessful attempts
> >
> > I blame the lack of something in my something system.
>
> Yes it would be better to use sudo but some env are setup to allow direct
> login to root :/

And the fact that they can do this via sudo should serve as an impetus for those admins to stop Doing it Wrong(tm). I understand that there are exceptions to the "best practices dictate root-level access through sudo", but the original email that started this thread seems to indicate that there's a need to keep tabs on some henchmen/underlings/poorly-trained monkeys. That screams "don't give them direct root logins", to me.
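
An added example, not part of the thread: a small parser for the syslog records sudo writes, showing that each record carries the full command line with its arguments and that refused attempts are logged too, while a direct root login leaves no per-command record. The sample log lines are constructed, and the function names `parse_sudo_line`, `parse_log` and `refused` are hypothetical.

```python
import re

# Constructed sample lines in sudo's syslog record format (not from the thread).
SAMPLE_LOG = """\
Sep 16 07:48:14 gw sudo:     jiri : TTY=ttyp0 ; PWD=/home/jiri ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/authlog
Sep 16 07:49:02 gw sudo:      bob : user NOT in sudoers ; TTY=ttyp1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/sh
Sep 16 07:50:31 gw sudo:    alice : 3 incorrect password attempts ; TTY=ttyp2 ; PWD=/tmp ; USER=root ; COMMAND=/sbin/pfctl -d
Sep 16 07:51:10 gw sshd[4242]: Accepted publickey for root from 192.0.2.10 port 50022 ssh2
"""

# "<timestamp> <host> sudo: <user> : <fields separated by ' ; '>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:"
    r"\s+(?P<user>\S+) : (?P<rest>.*)$"
)

def parse_sudo_line(line):
    """Return a dict for a sudo command record, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # COMMAND= is the last field and may itself contain ' ; ', so split it off first.
    head, sep, command = m.group("rest").partition("COMMAND=")
    if not sep:
        return None
    fields, reason = {}, None
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            fields[key] = value      # TTY=, PWD=, USER=
        else:
            reason = part            # free text, e.g. "user NOT in sudoers"
    return {
        "ts": m.group("ts"), "host": m.group("host"), "user": m.group("user"),
        "runas": fields.get("USER"), "tty": fields.get("TTY"),
        "cwd": fields.get("PWD"), "command": command,
        "ok": reason is None, "reason": reason,
    }

def parse_log(text):
    """Parse every sudo command record in a block of syslog text."""
    return [r for r in map(parse_sudo_line, text.splitlines()) if r]

def refused(records):
    """(user, reason, command) for each attempt sudo refused."""
    return [(r["user"], r["reason"], r["command"]) for r in records if not r["ok"]]

if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        print(rec["ts"], rec["user"], "OK" if rec["ok"] else rec["reason"], rec["command"])
```

The `sshd` line for the direct root login yields no record here, because nothing after that login is attributed to a named user or logged per command.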