Disable root Login by changing following line of /etc/ssh/sshd_config
PermitRootLogin noExecute following command to reload ssh service
service sshd reloadDisable 'sudo su' by changing following line of /etc/sudoers
Cmnd_Alias NSHELLS = /bin/sh,/bin/bashCmnd_Alias NSU = /bin/su%Domain\ Admins ALL=(ALL) ALL,!NSHELLS,!NSUMonitor terminal command executed by user by adding following line at /etc/pam.d/sshd and vim /etc/pam.d/login
# pam_selinux.so close should be the first session rulesession required pam_tty_audit.so enable=*sudo cp /usr/share/doc/audit-2.8.1/auditd.cron /etc/cron.weekly/
You can get report by executing following commands -
aureport --tty