This is a question I've pondered for a long time and thought was impossible.
Is it possible to prevent administrators of a machine from bypassing the audit capabilities of sudo or doas? For instance, running sudo su - and having a root shell?
I suppose the real question is, is there a way to audit root's activity on a machine?
sudo group. If you have a real problem, please tell us. Otherwise the answer will only be don't give administrative rights to users that should not have administrative rights. Please also check: What is the XY Problem?