Hi Nathaniel, If you truly believe that this is an issue then I suggest you to create a new issue under: [0] which is the project to track issues on scap-security-guide.
And if it's possible try to add more information on which version you are using and which rule you are checking. I believe the rule you checking is part of [1], please try to identify which one is it. There people can start collaborating on identifying exactly what's the issue and start working on it. Regards. [0] https://github.com/ComplianceAsCode/content/issues/new [1] https://github.com/ComplianceAsCode/content/tree/master/linux_os/guide/system/accounts/accounts-pam On Fri, Oct 11, 2019 at 10:53 PM Wallwork, Nathaniel <[email protected]> wrote: > The PAM stack is modified, adding lines for pam_faillock.so. > > > > The line with authfail line is inserted “*after pam_unix.so*”. When > there are alternative authentication methods (ex: pam_krb5.so or > pam_sssd.so), this breaks them. > > > > It would be better to add this line “*before pam_deny.so*” instead. > This would still have the desired effect, without breaking alternative > authentication methods. > > > > What’s the best path to get this change made? > > > > Thanks. > > > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > -- Gabriel Gaspar Becker Software Engineer Red Hat <https://www.redhat.com> <https://red.ht/sig>
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
