1 |
Hi, |
2 |
|
3 |
That works well, until the users type sudo bash like I saw many ppl doing... |
4 |
|
5 |
Ricardo Loureiro |
6 |
|
7 |
On Thursday 12 October 2006 17:17, Longman, Bill wrote: |
8 |
> One point you may want to take into account is the audit trail you get from |
9 |
> sudo. I think it's far better to see who actually logged in and then what |
10 |
> they did. I turn off ssh root login on all my machines, period. My admins |
11 |
> must log in as themselves and then sudo when they need to. I can then see |
12 |
> login activity and sudo activity for any individual with little |
13 |
> deniability. Also, in my experience, simply move the SSH port somewhere |
14 |
> other than 22. I've moved it off that port on most systems and the script |
15 |
> kiddies have simply vanished. It will keep your logs much cleaner! |