Some Unix systems have /var/sulog to see who SU'ed to root and what commands were executed. Are there ways of setting the history to file (and how much of it should be saved)?
- lascomm -- all commands executed (by user and tty)
- acctcom -- same as above
- acctcms -- all commands executed by time of day, but some are only available according to what the shell is running (currently we are using Bash on Linux)
Whenever I'm looking for sysadmin utilities, I always head to the Perl CPAN network, since Perl is so widely used for system administration functions. Beyond that, I recommend some Google searching for terms like "PC superuser logging" to see what's available.
This was first published in November 2004