Need a solution
Recently we had a scenario where some of the policies were disabled by an admin. Now the question is that I need to trace out the user who performed this.
In the auth.conf file we have many people who have admin privileges. Is there a way we can trace out the activity performed by the user?
In Unix, once a user logs in to the GUI, all activities performed by that user get the process ownership of root instead of the user ID.