[olug] Sharing root priv, tracking what other root does
Christopher Cashell
topher at zyp.org
Thu Dec 11 03:22:40 UTC 2003
At Wed, 10 Dec 03, Unidentified Flying Banana netsaint at cox.net, said:

> I'm looking for a way to track what another root user does on a
> sensitive Linux server that I have had exclusive control of.
> Recently, I was strong-armed into giving root access to another.

It's always frustrating when this happens. ;-)

> Prior to sharing control I made it very clear, 'you break it and I
> kill you'! When this new root user breaks it, and he/she/it will, I
> should be able to recover nicely using AMANDA.

Good call. Always be ready for when the new guy screws up. ;-)

> Perhaps my emphatic statement was enough, to date, he/she/it has not
> attempted to login as root. ;-)

Well, that's a good sign. Perhaps he knows that root should be used as
rarely as possible.

> Any of you admins have experience in anything? If so, how did you
> remedy it?

One thing I've used is to "require"[1] that all root commands be run
via sudo. sudo defaults to logging all use. It's not a perfect, nor
foolproof, solution, but it could help a lot.

[1] Obviously, there's no real way to force this requirement. . . if
    you give out full access to sudo, then there are numerous ways to
    get around the command logging ('sudo -s' being the easiest, which
    runs a shell as root). However, if other administrators agree to
    abide by using sudo, it can be very effective.
--
| Christopher
+------------------------------------------------+
| A: No. |
| Q: Should I include quotations after my reply? |
+------------------------------------------------+
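
The following is an added example, not part of the original post: a small audit over sudo's log that reports where an administrator opened a root shell, which is the point at which per-command logging stops as the footnote describes. The log lines are constructed samples in sudo's usual syslog layout, and the names `classify` and `audit` are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed sample entries (assumed syslog layout; not taken from the post).
SAMPLE_LOG = """\
Dec 10 21:14:02 srv1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
Dec 10 21:15:40 srv1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Dec 10 21:16:05 srv1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
Dec 10 21:20:11 srv1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/sh -c /usr/local/bin/rotate.sh
Dec 10 21:22:30 srv1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/sbin/service httpd restart
"""

# One sudo entry: invoking user, target user, and the full command line.
ENTRY = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)

# Programs that hand the caller an interactive session when run without -c.
SHELLS = {"sh", "bash", "zsh", "ksh", "csh", "tcsh", "dash", "su"}


def classify(command):
    """Return 'root-shell' if the command opens an interactive shell,
    otherwise 'logged' (sudo recorded the actual work being done)."""
    argv = command.split()
    prog = PurePosixPath(argv[0]).name
    if prog in SHELLS and "-c" not in argv[1:]:
        return "root-shell"
    return "logged"


def audit(log_text):
    """List (user, command) pairs where logging stops at a root shell."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m and m["runas"] == "root" and classify(m["cmd"]) == "root-shell":
            findings.append((m["user"], m["cmd"]))
    return findings


if __name__ == "__main__":
    for user, cmd in audit(SAMPLE_LOG):
        print(f"{user}: opened a root shell via sudo ({cmd}); later commands are not in the sudo log")
```

Each finding marks a gap in the record rather than wrongdoing, so it is a prompt to ask the administrator what was done in that session.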