pam_faillock.so line after pam_unix.so missing from system-auth file

Description

This is irrelevant for functionality since pam_faillock is set to required; however, the DISA STIG fails the CCE-27350-8 check if the following line is not in system-auth and password-auth

After pam_unix.so:
auth [default=die] pam_faillock.so authfail deny=<deny> unlock_time=<unlock_time> fail_interval=<fail_interval>

It looks like we already do this for password-auth, so I just need to update the template to also add it to system.

Acceptance Criteria

None

Activity

Show:
Trevor Vaughan
April 26, 2018, 4:26 PM

Issues found during PAM testing

Trevor Vaughan
April 30, 2018, 5:16 PM

PAM setting update start

Trevor Vaughan
April 30, 2018, 6:15 PM

PAM setting update start

Trevor Vaughan
May 10, 2018, 9:20 PM

Updated inspec STIG checks

Labels

None

Epic Link

Story Points

2

Components

Sprint

None

Affects versions

Priority

Medium
Configure