5.3.3 Ensure sudo log file exists

Audit

Run the following command to verify that sudo has a custom log file configured:

# grep -rPsi "^\h*Defaults\h+([^#]+,\h*)?logfile\h*=\h*(\"|\')?\H+(\"|\')?(,\h*\H+\h*)*\h*(#.*)?$" /etc/sudoers*

Verify the output matches:

Defaults logfile="/var/log/sudo.log"

Remediation

Edit /etc/sudoers with visudo, or a drop-in file under /etc/sudoers.d/ with visudo -f <PATH TO FILE>, and add the following line:

Example:

Defaults logfile="/var/log/sudo.log"
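The audit and remediation above, scripted as an added example that is not part of the benchmark text or of the sudo project. The sudoers location and the drop-in file name (cis-logfile) are assumptions so the functions can be exercised on a constructed copy of the tree; the regex is a POSIX-ERE rendering of the benchmark's PCRE so it also runs where grep lacks -P.

```shell
#!/bin/sh
# Added example: audit a sudoers tree for a 'Defaults logfile=' directive and,
# if none is active, add it as a drop-in file. <etc> defaults to /etc; pass a
# different directory to test against a constructed copy.

# ERE equivalent of the benchmark regex: \h -> [[:blank:]], \H -> [^[:space:]].
SUDO_LOGFILE_RE="^[[:blank:]]*Defaults[[:blank:]]+([^#]+,[[:blank:]]*)?logfile[[:blank:]]*=[[:blank:]]*(\"|')?[^[:space:]]+(\"|')?(,[[:blank:]]*[^[:space:]]+[[:blank:]]*)*[[:blank:]]*(#.*)?$"

# Audit: print every active logfile directive under <etc>/sudoers*.
# Exit status 0 when at least one is found, 1 otherwise; a commented-out
# directive does not count because the pattern is anchored at 'Defaults'.
sudo_logfile_audit() {
  etc="${1:-/etc}"
  grep -rEsi "$SUDO_LOGFILE_RE" "$etc"/sudoers*
}

# Remediation: only when the audit fails, write the directive to a drop-in
# (hypothetical name cis-logfile) with sudoers' expected 0440 mode, then
# syntax-check it with visudo where available and roll back on a parse error.
sudo_logfile_remediate() {
  etc="${1:-/etc}"
  logfile="${2:-/var/log/sudo.log}"
  if sudo_logfile_audit "$etc" >/dev/null; then
    return 0                              # already compliant, nothing to change
  fi
  dropin="$etc/sudoers.d/cis-logfile"
  mkdir -p "$etc/sudoers.d"
  printf 'Defaults logfile="%s"\n' "$logfile" > "$dropin"
  chmod 0440 "$dropin"
  if command -v visudo >/dev/null 2>&1; then
    visudo -cqf "$dropin" >/dev/null 2>&1 || { rm -f "$dropin"; return 1; }
  fi
  return 0
}
```

The drop-in only takes effect if /etc/sudoers includes the directory (the distribution default `@includedir /etc/sudoers.d`), so the audit should be re-run after remediation rather than assumed to pass.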