Sle16 use /etc/security/faillock.conf for pam faillock configuration #14624

Merged
jan-cerny merged 3 commits into ComplianceAsCode:master from teacup-on-rockingchair:sle16_use_etc_security_faillock
Apr 15, 2026

@teacup-on-rockingchair
Contributor

Description:

  • Use default /etc/security/faillock.conf for sle16

Rationale:

  • Change the logic a bit to use /etc/ files and subdirectories for remediations, so we rely on the user configuration, not the distro default one; also, rpm_verify_hashes won't break the remediation status
  • On 1st remediation this file is created, if not existing, via copying distro default from /usr/etc/security/faillock.conf
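
The seed-once behaviour from the rationale above, as an added shell example; it is not the project's Bash remediation. The `ROOT` prefix argument and both function names are assumptions made for illustration, and only `key = value` options are handled.

```shell
#!/bin/sh
# Added example, not ComplianceAsCode code. ROOT is a hypothetical prefix so the
# logic can be run against a scratch directory instead of the live system.

# seed_faillock_conf ROOT
# Create ROOT/etc/security/faillock.conf from the vendor default under
# ROOT/usr/etc only when the /etc copy does not exist yet.
seed_faillock_conf() {
    root=$1
    vendor="$root/usr/etc/security/faillock.conf"
    conf="$root/etc/security/faillock.conf"
    if [ -e "$conf" ]; then
        return 0                      # admin copy exists: never overwrite it
    fi
    mkdir -p "$root/etc/security"
    if [ -f "$vendor" ]; then
        cp -p "$vendor" "$conf"       # keep the vendor file's mode and timestamps
    else
        : > "$conf"                   # no vendor default shipped: start empty
    fi
}

# set_faillock_option ROOT KEY VALUE
# Idempotently set "KEY = VALUE" in the /etc copy. Active assignments of KEY
# are replaced by one line; comments and the /usr/etc file are left untouched.
# Assumption: KEY is a plain option name with no regex metacharacters.
set_faillock_option() {
    root=$1 key=$2 value=$3
    conf="$root/etc/security/faillock.conf"
    seed_faillock_conf "$root" || return 1
    tmp="$conf.tmp.$$"
    sed "/^[[:space:]]*$key[[:space:]]*=/d" "$conf" > "$tmp" || return 1
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    # Rewrite through the existing inode so owner and mode stay as they were.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

Because only the `/etc` copy is ever written, the packaged file under `/usr/etc` keeps its original content, which is the property the rationale ties to `rpm_verify_hashes`.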

On 1st remediation this file is created via copying distro default from /usr/etc/security/faillock.conf
…USE OS

So skip all Ansible steps related to those
@teacup-on-rockingchair teacup-on-rockingchair added Ansible Ansible remediation update. Bash Bash remediation update. SLES SUSE Linux Enterprise Server product related. Update Template Issues or pull requests related to Templates updates. labels Apr 6, 2026
@teacup-on-rockingchair teacup-on-rockingchair added this to the 0.1.81 milestone Apr 6, 2026
@jan-cerny jan-cerny self-assigned this Apr 7, 2026
{{% if product == 'sle16' %}}
- name: Copy faillock defaults /usr/etc/security/faillock.conf to {{{ pam_faillock_conf_path }}}
ansible.builtin.copy:
src: /usr/etc/security/faillock.conf
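
Review bot: the copy task at `src: /usr/etc/security/faillock.conf` should not replace a file that already exists at `{{{ pam_faillock_conf_path }}}`. The lines shown end at `src:`, so no `force` setting is visible; `ansible.builtin.copy` defaults to `force: true`, which rewrites the destination whenever its content differs from the source. Setting `force: false` makes the task seed the file only when it is missing, matching the "created, if not existing" behaviour in the description, and explicit `owner`, `group` and `mode` values would keep the permissions of the seeded file predictable.
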
Collaborator

IIUC if the Ansible code is used to manage a remote host this will copy a file from the controller machine to the remote host. I assume we want to copy the file from the remote host, not from the controller. You'll need to add remote_src: yes.

Contributor Author

Thanks for the note, fixed in da6122c

Collaborator

@jan-cerny jan-cerny left a comment

I have run the TSs locally on RHEL 10 and they pass with both Ansible and Bash remediations

@jan-cerny jan-cerny merged commit 633e4bd into ComplianceAsCode:master Apr 15, 2026
64 of 65 checks passed