Fix Ubuntu remediation for smartcard_pam_enabled #11489
Conversation
The line `auth [success=2 default=ignore] pam_pkcs11.so` is incorrectly inserted at the bottom of the pam file instead of above `pam_unix.so`. Solution is to use another macro, which supports appending lines after a specific match.
|
Hi @mpurg. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Start a new ephemeral environment with changes proposed in this pull request: sle12 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
|
Code Climate has analyzed commit d344a0c and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 58.5% (0.0% change). View more on Code Climate. |
marcusburghardt
added
SLES
dodys
added
ok-to-test
|
@teacup-on-rockingchair could you check the error in the tests, it seems unrelated to the PR, but it would be good for you to confirm it. |
|
The SLES issues seem unrelated to this PR and they should take a look on their side. |
Description:
smartcard_pam_enabledto correctly positionpam_pkcs11module in stack.Rationale:
auth [success=2 default=ignore] pam_pkcs11.sois incorrectly inserted at the bottom of the pam file instead of abovepam_unix.so. Solution is to use another macro, which supports appending lines after a specific match.