Hi Nathaniel, If you truly believe that this is an issue then I suggest you to create a new issue under: [0] which is the project to track issues on scap-security-guide.
And if it's possible try to add more information on which version you are using and which rule you are checking. I believe the rule you checking is part of [1], please try to identify which one is it. There people can start collaborating on identifying exactly what's the issue and start working on it. Regards. [0] https://github.com/ComplianceAsCode/content/issues/new [1] https://github.com/ComplianceAsCode/content/tree/master/linux_os/guide/system/accounts/accounts-pam On Fri, Oct 11, 2019 at 10:53 PM Wallwork, Nathaniel <nwal...@sandia.gov> wrote: > The PAM stack is modified, adding lines for pam_faillock.so. > > > > The line with authfail line is inserted “*after pam_unix.so*”. When > there are alternative authentication methods (ex: pam_krb5.so or > pam_sssd.so), this breaks them. > > > > It would be better to add this line “*before pam_deny.so*” instead. > This would still have the desired effect, without breaking alternative > authentication methods. > > > > What’s the best path to get this change made? > > > > Thanks. > > > _______________________________________________ > scap-security-guide mailing list -- > scap-security-guide@lists.fedorahosted.org > To unsubscribe send an email to > scap-security-guide-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org > -- Gabriel Gaspar Becker Software Engineer Red Hat <https://www.redhat.com> <https://red.ht/sig>
_______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org
