su is a binary (e.g. a file in /bin/su on some systems). You could move this binary to something like /bin/secret_su or a cryptic name then create a wrapper script named su in its place. In the wrapper script you check to see see if the su command was called by sudo and if so you have it execute secret_su - if not you issue a message and exit something like:
Error: You must use 'sudo su' rather than just 'su'.
The reason why use of sudo is considered (by some) to be better is that sudo logs everything it does so theoretically you can see who did what on a system. If this is important to you then you should insure you're sending logging to another server to prevent someone who became root from simply deleting the logs to hide their tracks. In many distros "sudo su" is NOT required.
Last edited by MensaWater; 01-26-2012 at 01:42 PM.