---

{{ if .Vars.ubtu24cis_level_1 }}
  {{ if .Vars.ubtu24cis_rule_5_2_3 }}
command:
  log_sudoers_d:
    title: 5.2.3 | Ensure sudo log file exists | sudoers.d
    exec: "grep -Ec '^Defaults logfile=/var/log/*.log' /etc/sudoers /etc/sudoers.d/.*/"
    exit-status:
      lt: 3
    stdout:
    - '/[1:99]/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 5.2.3
      CISv8:
      - 8.5
      CISv8_IG1: false
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - AU-3
      - AU-12
  {{ end }}
{{ end }}