Skip to content

Sle16 use /etc/security/faillock.conf for pam faillock configuration#14624

Open
teacup-on-rockingchair wants to merge 2 commits intoComplianceAsCode:masterfrom
teacup-on-rockingchair:sle16_use_etc_security_faillock
Open

Sle16 use /etc/security/faillock.conf for pam faillock configuration#14624
teacup-on-rockingchair wants to merge 2 commits intoComplianceAsCode:masterfrom
teacup-on-rockingchair:sle16_use_etc_security_faillock

Conversation

@teacup-on-rockingchair
Copy link
Copy Markdown
Contributor

@teacup-on-rockingchair teacup-on-rockingchair commented Apr 6, 2026

Description:

  • Use default /etc/security/faillock.conf for sle16

Rationale:

  • Change the logic a bit to use /etc/ files and subdirectories for remediations so we rely on user configuration not distro default one, also rpm_verify_hashes won't break the remediation status
  • On 1st remediation this file is created, if not existing, via copying distro default from /usr/etc/security/faillock.conf

@teacup-on-rockingchair
use default /etc/security/faillock.conf for sle16.
3a0fcff 
On 1st remediation this file is created via copying distro default from /usr/etc/security/faillock.conf
@teacup-on-rockingchair
/etc/pam.d/password-auth and /etc/pam.d/system-auth are not used by S…
a999684 
…USE OS

So skip all Ansible steps related to those
@teacup-on-rockingchair teacup-on-rockingchair added Ansible Ansible remediation update. Bash Bash remediation update. SLES SUSE Linux Enterprise Server product related. Update Template Issues or pull requests related to Templates updates. labels Apr 6, 2026
@teacup-on-rockingchair teacup-on-rockingchair added this to the 0.1.81 milestone Apr 6, 2026
@jan-cerny jan-cerny self-assigned this Apr 7, 2026
jan-cerny
jan-cerny reviewed Apr 7, 2026
View reviewed changes
shared/templates/pam_account_password_faillock/ansible.template
{{% if product == 'sle16' %}}
- name: Copy faillock defaults /usr/etc/security/faillock.conf to {{{ pam_faillock_conf_path }}}
ansible.builtin.copy:
src: /usr/etc/security/faillock.conf
Copy link
Copy Markdown
Collaborator

@jan-cerny jan-cerny Apr 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIUC if the Ansible code is used to manage a remote host this will copy a file from the controller machine to the remote host. I assume we want to copy the file from the remote host, not from the controller. You'll need to add remote_src: yes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jan-cerny jan-cerny jan-cerny left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@jan-cerny jan-cerny

Labels

Ansible Ansible remediation update. Bash Bash remediation update. SLES SUSE Linux Enterprise Server product related. Update Template Issues or pull requests related to Templates updates.

Projects

None yet

Milestone

0.1.81

Development

Successfully merging this pull request may close these issues.

2 participants

@teacup-on-rockingchair @jan-cerny