- Create regular users for every administrator
- Configure sudo to allow administrators to run any command as root using sudo
- Disable the actual root logon

sudo vim /var/log/secure, where the first one will run an interactive root shell (allowing one to start running commands as root directly from the shell without any logging) and the second one starts an editor on the sudo audit log (the log name may differ between systems), allowing one to delete or edit any audit lines one deems unsightly (for example, change your user name to somebody else's in the line that says rm -rf /oracle :) ). What are the ways to prevent this?

- Exclude potentially dangerous commands such as command shell and editor without arguments from the sudo config
- Set a strict list of administration commands that is allowed for execution by administrators
- Use external auditing mechanisms such as auditd daemon
- Use external privilege restriction mechanisms such as SELinux.
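
To check an existing configuration against the first two points, the following added example (not part of the original page) scans sudoers text for rules that grant every command, a shell, or an editor. The sample file, the `audit_sudoers` name and the shell and editor lists are assumptions made for illustration, and the parser is simplified: it does not expand aliases, line continuations or include directives.

```python
import os
import re

# Constructed sample sudoers content, not a real system's configuration.
SAMPLE_SUDOERS = """\
# constructed sample
Defaults logfile=/var/log/sudo.log
alice ALL=(ALL) ALL
bob   ALL=(root) /bin/bash, /usr/bin/systemctl restart httpd
carol ALL=(root) NOPASSWD: /usr/bin/vim /var/log/secure
dave  ALL=(root) /usr/bin/systemctl status httpd, !/bin/sh
"""

# Assumed lists; extend them for the shells and editors installed locally.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "su"}
EDITORS = {"vi", "vim", "nano", "emacs"}
SKIP = re.compile(r"^(#|Defaults|(User|Runas|Host|Cmnd)_Alias\b)")
SPEC = re.compile(r"^(\S+)\s+[^=]+=\s*(?:\([^)]*\)\s*)?(.*)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # e.g. "NOPASSWD: "


def audit_sudoers(text):
    """Return (line, user, kind, command) for each risky grant."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or SKIP.match(line):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        user, commands = m.groups()
        for cmd in commands.split(","):
            cmd = TAGS.sub("", cmd.strip())
            if not cmd or cmd.startswith("!"):
                continue  # empty entry, or an exclusion rather than a grant
            program = cmd.split()[0]
            name = os.path.basename(program)
            if program == "ALL":
                kind = "unrestricted"
            elif name in SHELLS:
                kind = "shell"
            elif name in EDITORS:
                kind = "editor"
            else:
                continue
            findings.append((lineno, user, kind, cmd))
    return findings
```

An editor is flagged even when it is given a file argument, because the rule on the audit log itself is the case the text above describes.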