Puppet Class: cis_security_hardening::rules::sudo_log

Defined in:
manifests/rules/sudo_log.pp

Summary

Ensure sudo log file exists

Overview

sudo can be configured to write its log entries to a custom log file.

Rationale: A sudo log file simplifies auditing of sudo commands.

Examples:

class { 'cis_security_hardening::rules::sudo_log':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



# File 'manifests/rules/sudo_log.pp', line 18

class cis_security_hardening::rules::sudo_log (
  Boolean $enforce = false,
) {
  if $enforce {
    file_line { 'sudo logfile':
      path               => '/etc/sudoers',
      match              => 'Defaults.*logfile\s*=',
      append_on_no_match => true,
      line               => 'Defaults logfile=/var/log/sudo.log',
      after              => '# Defaults specification',
    }
  }
}
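A check for the setting this class manages, as an added example that is not part of the module: it parses sudoers text and returns the global `logfile` value that is actually in effect. The function names and the sample content are assumptions made for illustration; only full-line comments are handled, and files pulled in through include directives are not followed.

```python
import re

# Constructed sample input, not taken from a real host.
SAMPLE_SUDOERS = r'''# Defaults specification
#Defaults logfile=/var/log/commented-out.log
Defaults env_reset, \
         logfile="/var/log/sudo.log"
Defaults:backup logfile=/var/log/backup-sudo.log
root ALL=(ALL:ALL) ALL
'''

def logical_lines(text):
    """Yield non-comment lines with backslash continuations joined."""
    for line in re.sub(r'\\\n', ' ', text).splitlines():
        line = line.strip()
        if line and not line.startswith('#'):
            yield line

def global_sudo_logfile(text):
    """Return the effective global 'logfile' path, or None if not set."""
    effective = None
    for line in logical_lines(text):
        # "Defaults" followed by whitespace is the global scope; Defaults:user,
        # Defaults@host, Defaults!cmnd and Defaults>runas are scoped and skipped.
        m = re.match(r'Defaults\s+(.+)$', line)
        if not m:
            continue
        # Split the option list on commas that are outside double quotes.
        for opt in re.findall(r'(?:"[^"]*"|[^,])+', m.group(1)):
            o = re.match(r'\s*(!?)\s*(\w+)\s*(?:=\s*(.*\S))?\s*$', opt)
            if not o or o.group(2) != 'logfile':
                continue
            negated, value = o.group(1), o.group(3)
            # Later entries override earlier ones; "!logfile" turns it off.
            effective = None if negated or not value else value.strip('"')
    return effective

if __name__ == '__main__':
    print(global_sudo_logfile(SAMPLE_SUDOERS))
```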