I'm about to hand out my root server password to a company for them to fix an issue that I have with mydns.
I'm sure they are all above board (and I will change the root password after they have finished) but I just want to be sure.
I know (well I think) I can login after them and execute history to see what they did, but I know if they are dishonest, they can just clear the history. I'm worried in case a rogue employee does something malicious or installs keylogging software (which has happened when my mate let another company manage his VPS).
So is there anything I can do? Does the history command backup somewhere? Can I install a keylogger to verify the commands they execute are not malicious?
Any ideas welcome. Ideally I appreciate I shouldn't give out my root password if I don't trust them. But I am in a very difficult situation and have no choice.