Re: sudo



EIDW Spotter wrote:
Is there any way to track exactly what a user does once they use sudo? I
know about the sudolog, is there another way as this just lists sudo su -
commands.

If you want to consider a commercial alternative, including full
keystroke logging capabilities, you may want to have a look at
PowerBroker. Sort of sudo on steroids for $$($):
http://www.symark.com/powerbroker.htm

Of course, even with PowerBroker, if one does or allows something
sufficiently insecure, the keystroke logging can be bypassed, e.g.:
$ pbrun xterm
or equivalent thereof (last I was aware, PowerBroker doesn't log X11
events, including their keystrokes).

But as with sudo, at least you'll know someone ran a command which
doesn't allow full logging of precisely what was done with the command
executed.
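
To act on that last point, here is an added example (not part of the original post): a Python script that scans sudo's syslog entries for permitted commands that open an interactive session the command log cannot see into, such as `su -` or `xterm`. The log line layout, the `UNLOGGED` program list and the sample lines are assumptions constructed for illustration.

```python
import os
import re

# Programs that give the user an interactive session whose contents sudo's
# command log never records. Assumed list for this example; extend per site.
UNLOGGED = {"su", "sh", "bash", "ksh", "csh", "tcsh", "zsh", "xterm"}

# Classic sudo syslog layout (assumed):
#   ... sudo: USER : [reason ; ]TTY=.. ; PWD=.. ; USER=runas ; COMMAND=cmd args
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<info>.*?)"
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)

def parse_sudo_line(line):
    """Return a dict for a sudo command entry, or None for any other line."""
    m = SUDO_RE.search(line.rstrip("\n"))
    if not m:
        return None
    argv = m.group("cmd").split()
    if not argv:
        return None
    return {
        "user": m.group("user"),
        "runas": m.group("runas"),
        "command": m.group("cmd"),
        "program": os.path.basename(argv[0]),
        # Refused attempts carry a reason (e.g. "command not allowed") before TTY=.
        "denied": not m.group("info").startswith("TTY="),
    }

def find_unlogged_sessions(lines):
    """List (user, runas, command) for permitted commands in UNLOGGED."""
    hits = []
    for line in lines:
        rec = parse_sudo_line(line)
        if rec and not rec["denied"] and rec["program"] in UNLOGGED:
            hits.append((rec["user"], rec["runas"], rec["command"]))
    return hits

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = [
    "Mar  3 10:15:02 host1 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -",
    "Mar  3 10:17:40 host1 sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/xterm",
    "Mar  3 10:20:11 host1 sudo:    carol : TTY=pts/3 ; PWD=/tmp ; USER=root ; COMMAND=/usr/sbin/lsof -i",
    "Mar  3 10:21:05 host1 sudo:     dave : command not allowed ; TTY=pts/4 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/bash",
    "Mar  3 10:22:00 host1 sshd[812]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    for hit in find_unlogged_sessions(SAMPLE_LOG):
        print("session not covered by command logging: %s as %s ran %s" % hit)
```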
