mirror of
https://github.com/ovh/debian-cis.git
synced 2025-06-21 18:23:42 +02:00
Use pam_faillock instead of pam_tally for bullseye (#56)
Fix #55 See https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0 pam_tally is deprecated and replaced by pam_faillock Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
This commit is contained in:

committed by
GitHub

parent
fa111bc0d0
commit
1a7dd5893a
@ -13,7 +13,7 @@ test_audit() {
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "[ OK ] ^auth[[:space:]]*required[[:space:]]*pam_tally[2]?\.so is present in /etc/pam.d/common-auth"
|
||||
register_test contain "[ OK ] pam_tally[2]?\.so is present in /etc/pam.d/common-account"
|
||||
register_test contain "[ OK ] ^auth[[:space:]]*required[[:space:]]*pam_((tally[2]?)|(faillock))\.so is present in /etc/pam.d/common-auth"
|
||||
register_test contain "[ OK ] pam_((tally[2]?)|(faillock))\.so is present in /etc/pam.d/common-account"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
}
|
||||
|
Reference in New Issue
Block a user