Ensure sudo log file exists

Details

sudo can use a custom log file

Rationale:

A sudo log file simplifies auditing of sudo commands

Impact:

editing the sudo configuration incorrectly can cause sudo to stop functioning

Solution

Edit the file /etc/sudoers or a file in /etc/sudoers.d/ with visudo or visudo -f and add the following line:

Defaults logfile=’‘

Example

Defaults logfile=’/var/log/sudo.log’

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/3379

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

800-53|AU-3
800-53|AU-3(1)
CSCv7|6.3

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles