On Mon, 2007-07-30 at 08:11 -0500, Eric Crist wrote: > On Jul 30, 2007, at 7:34 AMJul 30, 2007, Adam J Richardson wrote: > > > Tom Evans wrote: > >> This seems great in principle, but of course, you just gave them a > >> root > >> shell, and so they can delete their log file easily enough... > > > > You could have cron email it to you every 5 minutes. Unlikely he'd > > check the crontab immediately, unless he was really bent on the > > system's destruction. Likely you'd have at least some evidence of > > his behaviour. Of course your email box would fill up quickly. > > > > Adam J Richardson > > > > Tom, > > If you're really all that worried about this, don't give them root > access. You could simply sit at the console with them while they > work. IIRC, they're a contractor, not an employee. Your presence > during such operations wouldn't be abnormal for a contractor. > > HTH > > Eric Crist
I'm not at all worried; the OP was. I was merely pointing out that most auditing solutions have issues that can be worked around by a malicious user; sometimes you just have to trust someone.
Description: This is a digitally signed message part