Skip to content

Commit 3132af2

Browse files
teacup-on-rockingchairteacup-on-rockingchair
committed
Add sle15 support in OVAL pam_faillock macros. Behaviour similar to debian
1 parent 22702c6 commit 3132af2

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

shared/templates/pam_account_password_faillock/oval.template

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
<definition class="compliance" id="{{{ _RULE_ID }}}" version="6">
33
{{{ oval_metadata(DESCRIPTION, rule_title=rule_title) }}}
44

5-
{{% if 'debian' in product or 'ubuntu' in product %}}
5+
{{% if 'debian' in product or 'ubuntu' in product or 'sle15' in product %}}
66

77
<criteria operator="AND" comment="Check the proper configuration of pam_faillock.so">
88
<criteria operator="AND" comment="Check if pam_faillock.so is properly enabled">
@@ -126,7 +126,7 @@
126126
id="var_accounts_passwords_pam_faillock_{{{ PRM_NAME }}}_pam_faillock_auth_regex"
127127
datatype="string" version="2"
128128
comment="regex to identify pam_faillock.so entries in auth section of pam files">
129-
{{% if 'debian' in product %}}
129+
{{% if 'debian' in product or 'sle15' in product %}}
130130
<value>^\s*auth\s+required\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail[\s\S]*^\s*auth\s+sufficient\s+pam_faillock\.so\s+authsucc</value>
131131
{{% elif 'ubuntu' in product %}}
132132
<value>^\s*auth\s+(requisite|required)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail</value>
@@ -141,7 +141,7 @@
141141
id="var_accounts_passwords_pam_faillock_{{{ PRM_NAME }}}_pam_faillock_account_regex"
142142
datatype="string" version="2"
143143
comment="regex to identify pam_faillock.so entry in account section of pam files">
144-
{{% if 'debian' in product or 'ubuntu' in product %}}
144+
{{% if 'debian' in product or 'ubuntu' in product or 'sle15' in product %}}
145145
<value>^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$</value>
146146
{{% elif 'openeuler' in product or 'kylinserver' in product %}}
147147
<value>^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so</value>

0 commit comments

Comments
 (0)