Download the rootsh source code and unpack it in /usr/local folder with a command like
tar xvfz rootsh-1.5.2.tar.gz. At this point you must decide some important things before you start building the binaries. Read the INSTALL file in the extracted rootsh folder, where all the choices are documented. I chose to put rootsh's log files in the standard place, /var/log, not to log in the syslog file as well, and I don't want system line numbering to be written in the log files. At this point you're ready to build the binaries with configure, make, and make install, using arguments to specify the choices you've made:
~# ./configure --disable-syslog --disable-linenumbering
~# make install
After you've installed the binaries, your system is almost ready. You only need to create a rootsh folder under /var/log/ folder --
mkdir /var/log/rootsh -- in order for rootsh to be able to put log files there. This procedure is not documented, but it's a must.
Suppose you have three sysadmins who need to administer a specific server. Make a local user for each, and disable root login thru SSH. Every root user who logs into the system needs to run the command
sudo rootsh in order for rootsh to start logging. To make life easier, you can put this command in users' .bash_profile file. Then every time a user logs in, rootsh will create a new log file under /var/log/rootsh. Log file names have the following structure:
In my case, if I list the content of the rootsh folder, I see files like this:
The formatting in each log file looks exactly the same as what the user sees on his terminal.
So there you have it. If you don't trust your sysadmins, or if you're just a control freak and want a complete overview of what is going on with your system, you can't go wrong with rootsh.