Details

sudo can use a custom log file

Rationale:

A sudo log file simplifies auditing of sudo commands

Solution

edit the file /etc/sudoers or a file in /etc/sudoers.d/ with visudo -f and add the following line: and add the following line:

Defaults logfile=’‘

Example

Defaults logfile=’/var/log/sudo.log’

Notes:

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks or parse errors. If the sudoers file is currently being edited you will receive a message to try again later.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2658

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

• 800-53|AU-12
• CSCv7|6.3

Source

• Tenable.com/audits