fix[rule]: corrected regex for !log_allowed in sed

command now comments the line instead of deleting
2026-02-03 14:03:24 +00:00 · 2025-03-19 12:18:58 -04:00
parent e3429c6abb
commit ef6f6dc55d
1 changed files with 1 additions and 1 deletions
--- a/rules/os/os_sudo_log_enforce.yaml
+++ b/rules/os/os_sudo_log_enforce.yaml
@@ -9,7 +9,7 @@ result:
 fix: |
  [source,bash]
  ----
-  /usr/bin/find /etc/sudoers* -type f -exec sed -i '' '/Defaults \!log_allowed/d' '{}' \;
+  /usr/bin/find /etc/sudoers* -type f -exec sed -i '' '/^Defaults[[:blank:]]*\!log_allowed/s/^/# /' '{}' \;
  /bin/echo "Defaults log_allowed" >> /etc/sudoers.d/mscp
  ----
 references: