
Commit 633e4bd

authored
Merge pull request #14624 from teacup-on-rockingchair/sle16_use_etc_security_faillock
Sle16 use /etc/security/faillock.conf for pam faillock configuration
2 parents e7e8a8c + da6122c commit 633e4bd


4 files changed

+19
-6
lines changed

Lines changed: 0 additions & 5 deletions
@@ -1,7 +1,2 @@
11
default:
22
pam_faillock_conf_path: "/etc/security/faillock.conf"
3-
4-
overrides:
5-
{{% if product == 'sle16' %}}
6-
pam_faillock_conf_path: "/usr/etc/security/faillock.conf"
7-
{{% endif %}}

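--- a/shared/macros/10-ansible.jinja
+++ b/shared/macros/10-ansible.jinja
@@ -1462,7 +1462,6 @@ The following macro remediates Audit syscall rule in :code:`/etc/audit/audit.rul
 {{{ ansible_remove_pam_module_option_configuration('/etc/pam.d/password-auth','auth','','pam_faillock.so',parameter, rule_title=rule_title) | indent(4) }}}
 when:
 - result_faillock_conf_check.stat.exists
-{{%- endif %}}
 
 - name: {{{ rule_title }}} - Ensure the pam_faillock.so {{{ parameter }}} parameter in PAM files
 block:
@@ -1542,6 +1541,7 @@ The following macro remediates Audit syscall rule in :code:`/etc/audit/audit.rul
 {{%- endif %}}
 when:
 - not result_faillock_conf_check.stat.exists
+{{%- endif %}}
 {{%- endmacro -%}}
 
 {{#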

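--- a/shared/templates/pam_account_password_faillock/ansible.template
+++ b/shared/templates/pam_account_password_faillock/ansible.template
@@ -3,5 +3,16 @@
 # strategy = restrict
 # complexity = low
 # disruption = low
+
+{{% if product == 'sle16' %}}
+- name: Copy faillock defaults /usr/etc/security/faillock.conf to {{{ pam_faillock_conf_path }}}
+ansible.builtin.copy:
+src: /usr/etc/security/faillock.conf
+dest: {{{ pam_faillock_conf_path }}}
+force: no
+mode: '0644'
+remote_src: yes
+{{% endif %}}
+
 {{{ ansible_pam_faillock_enable(rule_title=rule_title) }}}
 {{{ ansible_pam_faillock_parameter_value(PRM_NAME, EXT_VARIABLE, rule_title=rule_title) }}}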
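Review bot: The copy task at new lines 8-14 pins `mode: '0644'` but leaves owner and group to whichever account the play runs as. This file sets the account-lockout policy, so adding `owner: root` and `group: root` would make the result independent of the become settings. With `force: no`, an existing destination is presumably skipped entirely, so a pre-existing file with loose permissions is not corrected by this task; a short comment saying that this is intended would help. The task also has no guard for a missing `/usr/etc/security/faillock.conf`, so on a host without the vendor defaults the play would fail before `ansible_pam_faillock_enable` is reached.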

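--- a/shared/templates/pam_account_password_faillock/bash.template
+++ b/shared/templates/pam_account_password_faillock/bash.template
@@ -1,5 +1,12 @@
 # platform = multi_platform_all
 
+{{% if product == 'sle16' %}}
+PAM_FAILLOCK_DEFAULTS_FILE_NAME="/usr/etc/security/faillock.conf"
+if ! [ -e "{{{ pam_faillock_conf_path }}}" ] ; then
+cp "${PAM_FAILLOCK_DEFAULTS_FILE_NAME}" "{{{ pam_faillock_conf_path }}}"
+fi
+{{% endif %}}
+
 {{{ bash_instantiate_variables(EXT_VARIABLE) }}}
 
 {{{ bash_pam_faillock_enable() }}}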
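Review bot: The `cp` at new line 6 leaves the mode of the created file to the source file's bits and the caller's umask, whereas the Ansible template in this commit pins `mode: '0644'`. Under a restrictive umask the new faillock.conf could end up with tighter permissions than the Ansible result, so the two remediations diverge. Using `install -m 0644 "${PAM_FAILLOCK_DEFAULTS_FILE_NAME}" "{{{ pam_faillock_conf_path }}}"` in place of the `cp` would make them agree. The copy is also attempted without checking that the defaults file exists, so a missing `/usr/etc/security/faillock.conf` produces a `cp` error before `bash_pam_faillock_enable` runs. A comment stating whether the remediation should stop or continue in that case would be useful.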
