Hi, That works well, until the users type sudo bash like I saw many ppl doing...
Ricardo Loureiro On Thursday 12 October 2006 17:17, Longman, Bill wrote: > One point you may want to take into account is the audit trail you get from > sudo. I think it's far better to see who actually logged in and then what > they did. I turn off ssh root login on all my machines, period. My admins > must log in as themselves and then sudo when they need to. I can then see > login activity and sudo activity for any individual with little > deniability. Also, in my experience, simply move the SSH port somewhere > other than 22. I've moved it off that port on most systems and the script > kiddies have simply vanished. It will keep your logs much cleaner!
pgpUBGWfg4UPV.pgp
Description: PGP signature
