Use pam_faillock instead of pam_tally for bullseye (#56)

Fix #55
See https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0
pam_tally is deprecated and replaced by pam_faillock

Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
This commit is contained in:
Thibault Ayanides
2021-02-17 11:36:58 +01:00
committed by GitHub
parent fa111bc0d0
commit 1a7dd5893a
2 changed files with 14 additions and 6 deletions

View File

@ -13,7 +13,7 @@ test_audit() {
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "[ OK ] ^auth[[:space:]]*required[[:space:]]*pam_tally[2]?\.so is present in /etc/pam.d/common-auth"
register_test contain "[ OK ] pam_tally[2]?\.so is present in /etc/pam.d/common-account"
register_test contain "[ OK ] ^auth[[:space:]]*required[[:space:]]*pam_((tally[2]?)|(faillock))\.so is present in /etc/pam.d/common-auth"
register_test contain "[ OK ] pam_((tally[2]?)|(faillock))\.so is present in /etc/pam.d/common-account"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
}