Security Basics mailing list archives

Re: How to track down which commands sudoers set up?


From: Michael Rice <michael () riceclan org>
Date: Tue, 13 Jun 2006 15:11:27 -0500



I'd like to find out what exactly any user did after they turned to superuser
and when exactly each cmd was processed (in a Linux box).

Can someone help me manage this?


Others have already extolled the virtues of sudo and why to use it over su. For myself, I use a facility based on 'script' to further enhance sudo -- when our users feel required to be in a root shell I have a process that they can use to provide me with a log of their session.

There was a very similar project called sudosh that could be found on sourceforge. Either of these, like sudo, provides auditability if you set it up ahead of time, but doesn't really protect you from the malicious and clever user who can use it to modify their own logs.

An interesting new project from the sudosh author is EAS (http://eas.strchr.net/). I haven't used it yet, but it looks promising to fill the niche sudo leaves.
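An added example, not part of the original post and not code from sudo, sudosh or EAS: a small parser for sudo's default syslog records that answers "who ran what, and when" and flags the entries where a user dropped into a root shell, which is the point past which sudo logs nothing and a session recorder such as the 'script'-based one described above is needed. The log lines are constructed samples, and the list of shell names is an assumption to adapt per site.

```python
import re

# Constructed sample lines in sudo's default syslog format (not from the post).
SAMPLE_LOG = """\
Jun 13 09:02:11 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vi /etc/hosts
Jun 13 09:05:40 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
Jun 13 09:07:02 web01 sshd[812]: Accepted publickey for carol from 192.0.2.10 port 50522 ssh2
Jun 13 09:09:55 web01 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Jun 13 09:12:30 web01 sudo:     dave : command not allowed ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/sbin/visudo
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+)\s+:\s+(?P<fields>.*)$")

# Programs that hand the caller an interactive shell; nothing typed inside it
# is recorded by sudo. Assumed list, extend it for your environment.
SHELLS = {"su", "sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}


def parse_sudo_log(text):
    """Return one dict per sudo command record: when, who, as whom, what."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or "COMMAND=" not in m.group("fields"):
            continue  # not a sudo command record
        # COMMAND= is the last field and may itself contain ';'
        head, _, command = m.group("fields").partition("COMMAND=")
        parts = [p.strip() for p in head.split(";") if p.strip()]
        kv = dict(p.split("=", 1) for p in parts if "=" in p)
        notes = [p for p in parts if "=" not in p]  # e.g. "command not allowed"
        program = (command.split() or [""])[0].rsplit("/", 1)[-1]
        events.append({
            "time": m.group("ts"), "user": m.group("user"),
            "runas": kv.get("USER"), "tty": kv.get("TTY"), "command": command,
            "denied": bool(notes),
            # An allowed shell invocation is where per-command auditing ends.
            "root_shell": not notes and program in SHELLS,
        })
    return events


if __name__ == "__main__":
    for e in parse_sudo_log(SAMPLE_LOG):
        flag = "DENIED" if e["denied"] else "SHELL" if e["root_shell"] else ""
        print(f'{e["time"]}  {e["user"]:<6} -> {e["runas"]:<5} {e["command"]}  {flag}')
```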

