I am the owner of a company. I want to keep an audit trail of our Unix administrator who has root access to the CentOS system. How can I configure it such that the audit trail cannot be bypassed and erased even for Root user?
Thanks in advance!
Asked
Active
Viewed 175 times
1 Answers
1
I don't think you can do this effectively if you don't trust your sysadmin. Root user can do anything on the system.
You can disable root access and enable auditing for all sudo actions. However, any sysadmin (has sudo privilege) can know how to disable it. If you can assign specific privileges for specific people that will be better. The less privilege you give to people (whenever possible), the higher security you get.
Khaled
- 36,533
- 8
- 72
- 99