A quick tip from the BAFM
Tips from the Bastard admin from Michigan, round 1:
When annoying users are doing illegal things on your network ike downloading the latest release movies and talking to them doesn't do a thing, there's no need to rm -rf /home/badluser and have them know it was you!
Simply use chsh !
Use chsh, and when it gets to the text editor on FreeBSD to ask which shell you'd like for them to use from now on, there is nothing stopping you from making it a script, an app, or a command (This is how, after all, those custom log in scripts usually work when admins make a menu system for users to do common tasks!)
So make their log in shell rm -rf /home/badluser/*
The possibilities are endless!
(And in case you're not picking up my point yet, I'm taking a humorous approach at the important part of checking EVERYTHING on your systems when you're doing an audit for security, not just the logs, to see what problems you can find, if you get rooted, it isn't just the Kernel, /tmp, and the more obvious file system areas that get used, always check if log in information has been changed FROM SINGLE USER to avoid a cracker getting away because you logged in as root to read log files and instead unlinked the file system!)
I'm not sure if this has been talked about before or not, I came up with the idea when I was looking at a chapter on chsh in a FreeBSD book where it was talking about setting up custom log in scripts so you could make a little menu system like "Mail F1 news F2 Vi F3 Shell F4" and so on.
My curiosity got the best of me wondering if rm worked with it too... Turns out it works very well :)
The book said for mail system you could chsh and make the user's shell mutt and I thought "Hey why not" chsh to rm and or make a Perl script that runs rm -rf / and yea it works pretty well, heh.
I added the part on why I posted this because I'm sure someone would have been like "Why would you say this!?!?!?!? That's not very responsible !" and miss the point.