| 1 |
Hi, |
| 2 |
|
| 3 |
That works well, until the users type sudo bash like I saw many ppl doing... |
| 4 |
|
| 5 |
Ricardo Loureiro |
| 6 |
|
| 7 |
On Thursday 12 October 2006 17:17, Longman, Bill wrote: |
| 8 |
> One point you may want to take into account is the audit trail you get from |
| 9 |
> sudo. I think it's far better to see who actually logged in and then what |
| 10 |
> they did. I turn off ssh root login on all my machines, period. My admins |
| 11 |
> must log in as themselves and then sudo when they need to. I can then see |
| 12 |
> login activity and sudo activity for any individual with little |
| 13 |
> deniability. Also, in my experience, simply move the SSH port somewhere |
| 14 |
> other than 22. I've moved it off that port on most systems and the script |
| 15 |
> kiddies have simply vanished. It will keep your logs much cleaner! |
Archives