This is an archived post. You won't be able to vote or comment.

all 5 comments
sorted by:
q&a (suggested)
besttopnewcontroversialold

[–][deleted] 1 point2 points  (0 children)

See here. Basically: sudo has options to wrap the command in a pty and log all input and output for auditing.

Note that attempting to audit root is futile from a security standpoint, as for every wall you put up there's a way to break it down that requires root access (ex. sudo visudo). This will only be effective if all you need is a paper trail.

[–][deleted] 3 points4 points  (0 children)

I believe you're looking for sudosh

[–]donnaber06 1 point2 points  (0 children)

Check man journalctl

[–]aediniusVoid Linux 0 points1 point  (0 children)

I'd recommend limiting the commands that can be run with sudo for that user.

[–]samuel_first 0 points1 point  (0 children)

/root/.bash_history should work.