Sudoers is the default sudo security policy plugin in Linux, however, experienced system administrators can specify a custom security policy as well as input and output logging plugins. It is driven by the /etc/sudoers file or alternatively in LDAP.
Start by opening the file /etc/sudoers like so:
$ sudo visudo
Go to the defaults section and add the following line:
Defaults insults
Defaults defined such as send mail to root when each time a user enters a bad password, set a secure path, configure a custom sudo log file and more.
Save the file and close it.
Run a command with sudo and enter the wrong password, then observe how insults option works:
$ sudo visudo
Note: When you configure the insults parameter, it disables the badpass_message parameter which prints a specific message on the command line (the default message is “sorry, try again”) in case a user enters a wrong password.
To modify the message, add the badpass_message parameter to the /etc/sudoers file as shown below.
Defaults badpass_message="Password is wrong, please try again" #try to set a message of your own
Save the file and close it, then invoke sudo and see how it works, the message you set as the value of badpass_message will be printed every time you or any system user types a wrong password.
$ sudo visudo