5.2.2 Ensure sudo log file is active

Information

sudo can use a custom log file.

Note: visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors before installing the new file. If the sudoers file is currently being edited you will receive a message to try again later.

Rationale:

A dedicated sudo log file simplifies auditing of sudo commands: every invocation is recorded in one file that can be reviewed, retained and forwarded independently of the general syslog stream.

Solution

Edit the file /etc/sudoers or a file in /etc/sudoers.d/ with visudo -f <PATH TO FILE> and add the following line:

Defaults logfile='<PATH TO CUSTOM LOG FILE>'

Example:

Defaults logfile='/var/log/sudo.log'
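The following POSIX shell script is an added example, not part of the CIS benchmark text or the Tenable plugin, showing how an auditor can verify that a sudoers configuration actually declares a Defaults logfile entry. It scans the files passed as arguments (in a real audit you would pass /etc/sudoers /etc/sudoers.d/*), ignores commented-out lines, and accepts the option whether it stands alone or follows other comma-separated Defaults options. The sample sudoers files it writes to a temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check whether a sudoers configuration sets "Defaults logfile=...".
# Usage in practice (paths are the standard ones, not verified here):
#   sudo_logfile_setting /etc/sudoers /etc/sudoers.d/*

# Prints every configured log file path found in the given files.
# Returns 0 if at least one uncommented "Defaults ... logfile=" line exists, 1 otherwise.
sudo_logfile_setting() {
    # Only lines that start with "Defaults" (after optional whitespace) count, so a
    # commented "#Defaults logfile=..." is not mistaken for an active setting.
    # The optional group allows other options before logfile, e.g.
    #   Defaults use_pty, logfile="/var/log/sudo.log"
    out=$(grep -Ehs '^[[:space:]]*Defaults[[:space:]]+([^#]+,[[:space:]]*)?logfile[[:space:]]*=' "$@" \
        | sed -E "s/.*logfile[[:space:]]*=[[:space:]]*['\"]?([^'\",#[:space:]]+)['\"]?.*/\1/")
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Reports the control as PASS (with the configured path) or FAIL.
check_control() {
    if path=$(sudo_logfile_setting "$@"); then
        printf 'PASS: sudo log file set to %s\n' "$path"
    else
        printf 'FAIL: no active "Defaults logfile=" entry found\n'
        return 1
    fi
}

# Demonstration on constructed sample files standing in for /etc/sudoers
# and a fragment in /etc/sudoers.d/ (hypothetical names).
demo() {
    tmp=$(mktemp -d)
    # Before the fix: a commented-out logfile line does not satisfy the control.
    printf 'Defaults env_reset\n#Defaults logfile=/var/log/old-sudo.log\nroot ALL=(ALL:ALL) ALL\n' \
        > "$tmp/sudoers"
    check_control "$tmp/sudoers" || true
    # After the fix: the setting added in a sudoers.d fragment, with a preceding option.
    printf 'Defaults use_pty, logfile="/var/log/sudo.log"\n' > "$tmp/90-sudo-logfile"
    check_control "$tmp/sudoers" "$tmp/90-sudo-logfile"
    rm -rf "$tmp"
}

demo
```

Two caveats a practitioner should keep in mind. The grep pattern only recognises unscoped Defaults lines; an entry such as Defaults:root logfile=... applies only to that user and would not satisfy the control as written, so it is deliberately not matched. Also, setting logfile adds logging to a file but does not replace sudo's default syslog logging; both continue unless syslog is explicitly negated. After editing a fragment, run visudo -cf <PATH TO FILE> to confirm it parses before relying on it.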

See Also

https://workbench.cisecurity.org/files/4119

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2, 800-53|AU-7, 800-53|AU-12, CSCv7|6.2

Plugin: Unix

Control ID: 82340f9b58ca58483a93fe1fbe74e903d153c0c93d3a97c8c9b5f8ee8fde9815