Audit trail via Process Accounting
Thu, 09/11/2008 - 11:42 — sandip(via www.cyberciti.biz)
Intrusions can take place from both authorized (insiders) and unauthorized (outsiders) users. My personal experience shows that unhappy user can damage the system, especially when they have a shell access. Some users are little smart and removes history file (such as ~/.bash_history) but you can monitor all user executed commands...