I think the best way to give feedback to admins who mistakenly logged in as root is to disable root logins whilst still allowing su and sudo. Alternatively have root's .profile display a suitable feedback message and optionally then exit.
If anyone other than an admin is mistakenly logging in as root, you definitely need to at least change root's password :-)
OK, you have revised the question to clarify what it is you want to achieve. You need to minimise the number of services that allow logins and ensure all of them records a successful login. SSH records successful logins via syslog.
If you have several people logging in as "hudson", you need to stop that. It should be a site policy that admins each log in using a unique userid.
You need to ensure that logfile rotation is adjusted so that you can search older logs for whatever period you fell necessary.
You could certainly have a script scheduled by cron that daily greps logins from syslog and which also checks timestamps on critical configuration files.
In addition there are plenty of tools for monitoring configuration file changes. Many Unix systems have an audit subsystem that can be enabled and which could also help.
Personally, I suspect that the best way to provide feedback in the event of a mistake is not to hunt for someone to pin blame on but to explain the problem to the whole group, explain why the change was a mistake and solicit ideas for preventing mistakes.
Best Answer
From a
cmd
window run: