[CentOS] OT: Q: Howto implement a monitored Shell for remote logins

Will McDonald wmcdonald at gmail.com
Tue Nov 14 20:18:00 UTC 2006

On 14/11/06, Sanjay Arora <sanjay.k.arora at gmail.com> wrote:
> I sometimes need to allow sub-contracted admins root ssh access to my
> servers. Later, I always wonder what they did during access.
> Is there any shell that provides all shell abilities to the remote user
> but monitors/emails a designated user each command executed in the shell
> terminal and does not allow the user (even root) to modify the bash history file or
> similar shell history file, or maybe sending each command by email to a
> remote server, so that modifying history becomes out of question?

If you only allow them to...

$ sudo su -

... doesn't sudo then keep track of their actions? There are other
alternatives, sudosh for one.


I'm pretty certain there are others too, from memory of the last time
I looked into shell auditing.


More information about the CentOS mailing list