Given SSH access, what should I do to protect a server and monitor (dangerous) user actions?

Context:

• Small business, mostly a software house for web applications but also some desktop software.
• Many external collaborators, so a variety of outside users with access to the servers.
• Single physical server, with Linux and Xen as a virtualization solution - each VM has specific uses and controlled access. External users can access two of them
• The (virtual) servers provide a variety of services: LAMP stack, email, DNS, etc. This question pertains to my concerns with local user access
• Users can SSH into two of the VMs

Requirements

• Give users access to common development tools, both for web (PHP, Ruby on Rails, etc) and standalone applications (gcc, g++, etc); this includes not only compilers and the like but also editors. Right now, they have full shell access.
• Users must be able to use source control on the server: svn and git
• Some have access to MySQL databases

Question

What steps should I take in order to:

1. Provide a full shell to the users if possible, or equivalent solution that meets the requirements above in a safe manner
2. Automate monitoring of dangerous activities where possible (as in sudo/su notifications)
3. Minimize effects if a user gets his hands on a 0day privilege escalation exploit before someone patches it on the server - is this even possible?

Asked by user618 (345 )
Jan 12, 2011 at 19:52