If you're like me and work for a company who has many linux admins all logging into servers and then su'ing to root, you may find this tip beneficial. It is simply 3 lines that you add to root's .bash_profile which will keep separate history files for each admin that su's to root and the commands they ran. It will allow you to go back and see what the user did as root. Granted the user could delete the history file, but we are only interested in keeping separate history files and going back to review if necessary. You may need to implement a policy or have an agreement with the admins which states no one will delete the history files.
Full story »