On 12/19/2017 02:54 AM, Ronald Wimmer via FreeIPA-users wrote:
We have some users that have ALL sudo permissions. What is the best way of keeping track of all actions they do after having switched to the root user? Or would it be better to completely prevent switching to the root user? (if yes, what would be the recommended way of doing that?)

If you're doing this for auditing purposes, you need to use auditd. On a CentOS system, you can simply edit /etc/audit/rules.d/audit.rules and add two lines to the end of the file:

-a exit,always -F arch=b64 -S execve
-a exit,always -F arch=b32 -S execve

Run "/sbin/augenrules --load" to reload the rules.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to