There are really no easy solutions against attackers who can sit at the keyboard of the machine in question. Encrypted filesystems provide a level of protection, but they are cumbersome (to date, at least) to use.
On a well built/tuned/administered GNU/Linux system, local users cannot do lots of damage, since any malicious action will be captured in some system log.
Any administrator worth his/her salt is keeping an eye on the log files under /var/log