Description of problem:
Create /etc/security/faillock.conf and allow the following options to be configured in the faillock.conf file:

deny=n
fail_interval=n
unlock_time=n
even_deny_root=(0|1)
root_unlock_time=n

Currently, scap-security-guide has complicated remediation scripts that have to add pam_faillock as well as all the options to configure pam to meet all the different customer compliance requirements. This is error prone and cannot handle all the differing customer pam configurations.

This would also make authconfig, future authselect, and scap-security-guide less complicated as modifying the pam files, providing profiles, or handling different pam configurations would no longer be required for these options. It would just be a simple change in faillock.conf.

Version-Release number of selected component (if applicable):
pam-1.1.8-18.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. ls /etc/security/faillock.conf
   ls: cannot access '/etc/security/faillock.conf': No such file or directory
2. man pam_faillock
   No reference to /etc/security/faillock.conf
3.

Actual results:
/etc/security/faillock.conf does not exist

Expected results:
/etc/security/faillock.conf exists and the following options can be configured:

deny=n
fail_interval=n
unlock_time=n
even_deny_root=(0|1)
root_unlock_time=n

Additional info:
If this can also be added upstream as well, that would be great.
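Added example (not part of the original report, and not Red Hat's or pam's code): the kind of check a compliance scanner could run once the five options live in a single faillock.conf instead of being spread across PAM stacks. It assumes the key=value syntax proposed above, also accepts a bare even_deny_root flag, and uses hypothetical policy ranges; parse_faillock, audit, POLICY and SAMPLE are names made up for this example.

```python
import re

# Options named in the report: four take an integer, one is a flag.
INT_OPTS = {"deny", "fail_interval", "unlock_time", "root_unlock_time"}
FLAG_OPTS = {"even_deny_root"}

# Hypothetical policy (constructed): inclusive (low, high) range per option,
# None meaning no upper bound. Substitute the values your benchmark requires.
POLICY = {"deny": (1, 5), "fail_interval": (900, None), "unlock_time": (900, None)}

def parse_faillock(text):
    """Parse faillock.conf text into {option: int|bool}; raise on bad lines."""
    opts = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        key, sep, val = (p.strip() for p in line.partition("="))
        if key in INT_OPTS and sep and re.fullmatch(r"[0-9]+", val):
            opts[key] = int(val)
        elif key in FLAG_OPTS and (not sep or val in ("0", "1")):
            opts[key] = val != "0"               # bare flag or =1 enables it
        else:                                    # typos must not pass silently
            raise ValueError(f"line {n}: unknown or malformed option: {raw!r}")
    return opts

def audit(opts, policy=POLICY, require_root_lockout=True):
    """Return a list of findings; an empty list means the policy is met."""
    findings = []
    for key, (low, high) in policy.items():
        val = opts.get(key)
        if val is None:
            findings.append(f"{key}: not set in file")
        elif val < low or (high is not None and val > high):
            findings.append(f"{key}={val}: outside {low}..{'inf' if high is None else high}")
    if require_root_lockout and not opts.get("even_deny_root", False):
        findings.append("even_deny_root: not enabled")
    return findings

# Constructed sample file contents, not taken from a real system.
SAMPLE = """deny = 10
fail_interval=900
unlock_time = 600   # shorter than the sample policy allows
even_deny_root
"""

if __name__ == "__main__":
    for finding in audit(parse_faillock(SAMPLE)):
        print("FAIL", finding)
```

Rejecting unknown keys matters here: a misspelled option in a lockout configuration would otherwise leave the intended setting unset without any finding.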
This issue was not selected to be included in Red Hat Enterprise Linux 7.7 because it is seen as either low or moderate impact to a small number of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.
There has not been a public update to this BZ since https://bugzilla.redhat.com/show_bug.cgi?id=1537242#c2. Could a public update be provided? Thanks!
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1780