[ale] Auditing root shells

John Wells jb at sourceillustrated.com
Mon Sep 19 09:48:27 EDT 2005


James P. Kinney III said:
> RedHat recommends to make root shell /bin/nologin and use sudo. Runlevel
> 1 becomes impossible with out a boot disk, though.

Yeah...that's my rule currently, but getting a lot of complaints from
admins complaining that "it's too hard/cumbersome" to do.  Doesn't carry a
lot of weight here, but if there's a more implicit solution out there I'm
open to options.

Because of the power of root to remove said logs, it'd be even nicer to
have logging go across the wire to secure, centralized box...

Thanks,
John




More information about the Ale mailing list