
Ensure Sudo Logfile Exists - sudo logfile

An XCCDF Rule

Description

A custom sudo log file can be configured with the 'logfile' tag. This rule configures a custom sudo log file at the default location suggested by CIS, /var/log/sudo.log.

Rationale

A sudo log file simplifies auditing of sudo commands.
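
One way to audit the setting described above, as an added example that is not part of the SSG content or of this rule's remediation: it reads one or more sudoers files and reports the effective global logfile value, letting later entries and "!logfile" override earlier ones. The function names and the sample files are assumptions made for illustration; backslash line continuations are not handled.

```shell
#!/usr/bin/env bash
# Added example (not SSG project code): audit the global sudo "logfile" option.
# Simplifications: no backslash continuations; files are read in the order given.

# Print the effective logfile path from global Defaults entries (last one wins);
# print nothing when the option is unset or disabled with "!logfile".
sudo_logfile_setting() {
    awk '
        /^[ \t]*Defaults[ \t]/ {              # global entries, not Defaults:user etc.
            line = $0
            sub(/[ \t]*#.*$/, "", line)       # drop a trailing comment
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, params, ",")
            for (i = 1; i <= n; i++) {
                p = params[i]
                gsub(/^[ \t]+|[ \t]+$/, "", p)
                if (p == "!logfile") {
                    value = ""
                } else if (p ~ /^logfile[ \t]*=/) {
                    sub(/^logfile[ \t]*=[ \t]*/, "", p)
                    gsub(/"/, "", p)
                    value = p
                }
            }
        }
        END { if (value != "") print value }
    ' "$@"
}

# Return 0 when the effective logfile equals the expected path.
check_sudo_logfile() {
    local expected=$1 actual
    shift
    actual=$(sudo_logfile_setting "$@")
    [ "$actual" = "$expected" ] && { echo "PASS: logfile=$actual"; return 0; }
    echo "FAIL: logfile=${actual:-<unset>} (expected $expected)"
    return 1
}

# Constructed sample sudoers content for the demo (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '#Defaults logfile=/var/log/sudo.log' 'Defaults env_reset' > "$demo_dir/missing"
printf '%s\n' 'Defaults env_reset, logfile="/var/log/sudo.log"  # CIS' > "$demo_dir/compliant"
printf '%s\n' 'Defaults logfile=/var/log/sudo.log' 'Defaults !logfile' > "$demo_dir/disabled"
for f in missing compliant disabled; do
    printf '%-10s ' "$f"
    check_sudo_logfile /var/log/sudo.log "$demo_dir/$f" || true
done
```

On a real host the files to pass are /etc/sudoers followed by the drop-ins under /etc/sudoers.d, in the order sudo reads them.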

ID
xccdf_org.ssgproject.content_rule_sudo_custom_logfile
Severity
Low

Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - PCI-DSS-Req-10.2.5
  - PCI-DSSv4-2.2.6

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if rpm --quiet -q sudo; then

var_sudo_logfile='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_sudo_logfile" use="legacy"/>'