Skip to content

Commit 3a0fcff

Browse files
use default /etc/security/faillock.conf for sle16.
On 1st remediation this file is created via copying distro default from /usr/etc/security/faillock.conf
1 parent 90b6371 commit 3a0fcff

3 files changed

Lines changed: 17 additions & 5 deletions

File tree

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,2 @@
11
default:
22
pam_faillock_conf_path: "/etc/security/faillock.conf"
3-
4-
overrides:
5-
{{% if product == 'sle16' %}}
6-
pam_faillock_conf_path: "/usr/etc/security/faillock.conf"
7-
{{% endif %}}

shared/templates/pam_account_password_faillock/ansible.template

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,5 +3,15 @@
33
# strategy = restrict
44
# complexity = low
55
# disruption = low
6+
7+
{{% if product == 'sle16' %}}
8+
- name: Copy faillock defaults /usr/etc/security/faillock.conf to {{{ pam_faillock_conf_path }}}
9+
ansible.builtin.copy:
10+
src: /usr/etc/security/faillock.conf
11+
dest: {{{ pam_faillock_conf_path }}}
12+
force: no
13+
mode: '0644'
14+
{{% endif %}}
15+
616
{{{ ansible_pam_faillock_enable(rule_title=rule_title) }}}
717
{{{ ansible_pam_faillock_parameter_value(PRM_NAME, EXT_VARIABLE, rule_title=rule_title) }}}

shared/templates/pam_account_password_faillock/bash.template

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,12 @@
11
# platform = multi_platform_all
22

3+
{{% if product == 'sle16' %}}
4+
PAM_FAILLOCK_DEFAULTS_FILE_NAME="/usr/etc/security/faillock.conf"
5+
if ! [ -e "{{{ pam_faillock_conf_path }}}" ] ; then
6+
cp "${PAM_FAILLOCK_DEFAULTS_FILE_NAME}" "{{{ pam_faillock_conf_path }}}"
7+
fi
8+
{{% endif %}}
9+
310
{{{ bash_instantiate_variables(EXT_VARIABLE) }}}
411

512
{{{ bash_pam_faillock_enable() }}}

0 commit comments

Comments
 (0)