Reloval of ubuntu os support from the rule

ComplianceAsCode · May 17, 2023 · a5f1f43 · a5f1f43
1 parent f6d5386
commit a5f1f43
Show file tree

Hide file tree

Showing 7 changed files with 6 additions and 76 deletions.
diff --git a/.../locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/ansible/shared.yml b/.../locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/ansible/shared.yml
@@ -1,14 +1,9 @@
-# platform = multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
 # disruption = low
 
-{{% if product in ["sle12","sle15"] %}}
 {{{ ansible_remove_pam_module_option('/etc/pam.d/login', 'auth', 'required', 'pam_tally2.so', 'onerr=fail') }}}
 {{{ ansible_ensure_pam_module_option('/etc/pam.d/login', 'auth', 'required', 'pam_tally2.so', 'even_deny_root', '', '') }}}
-{{% else %}}
-{{{ ansible_remove_pam_module_option('/etc/pam.d/common-auth', 'auth', 'required', 'pam_tally2.so', 'onerr=fail') }}}
-{{{ ansible_ensure_pam_module_option('/etc/pam.d/common-auth', 'auth', 'required', 'pam_tally2.so', 'even_deny_root', '', '') }}}
-{{% endif %}}
 {{{ ansible_ensure_pam_module_option('/etc/pam.d/common-account', 'account', 'required', 'pam_tally2.so', '', '', '') }}}
diff --git a/...-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/bash/shared.sh b/...-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/bash/shared.sh
@@ -1,14 +1,9 @@
-# platform = multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
 # disruption = low
 
-{{% if product in ["sle12","sle15"] %}}
 {{{ bash_remove_pam_module_option('/etc/pam.d/login', 'auth', 'required', 'pam_tally2.so', 'onerr=fail') }}}
 {{{ bash_ensure_pam_module_option('/etc/pam.d/login', 'auth', 'required', 'pam_tally2.so', 'even_deny_root', '', '') }}}
-{{% else %}}
-{{{ bash_remove_pam_module_option('/etc/pam.d/common-auth', 'auth', 'required', 'pam_tally2.so', 'onerr=fail') }}}
-{{{ bash_ensure_pam_module_option('/etc/pam.d/common-auth', 'auth', 'required', 'pam_tally2.so', 'even_deny_root', '', '') }}}
-{{% endif %}}
 {{{ bash_ensure_pam_module_option('/etc/pam.d/common-account', 'account', 'required', 'pam_tally2.so', '', '', '') }}}
diff --git a/...pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/oval/shared.xml b/...pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/oval/shared.xml
@@ -17,11 +17,7 @@
   </ind:textfilecontent54_test>
 
   <ind:textfilecontent54_object id="object_accounts_passwords_pam_tally2_even_deny_root" comment="Check even deny root configuration of pam_tally2" version="1">
-    {{% if product in ["sle12","sle15"] %}}
     <ind:filepath>/etc/pam.d/login</ind:filepath>
-    {{% else %}}
-    <ind:filepath>/etc/pam.d/common-auth</ind:filepath>
-    {{% endif %}}
     <ind:pattern operation="pattern match">^\s*auth(?:(?!\n)\s)+required(?:(?!\n)\s)+pam_tally2.so(?:(?!\n)\s)+(?:(?:(?:(?!\n)\s)?[^\n]+)?onerr=fail(?:(?:(?!\n)\s)+[^\n]+)?(?:(?!\n)\s)+deny=(\d+)(?:(?:\s+\S+)*\s*$))|(?:(?:(?:(?!\n)\s)?[^\n]+)?deny=(\d+)(?:(?:(?!\n)\s)+[^\n]+)?(?:(?!\n)\s)+even_deny_root(?:(?:\s+\S+)*\s*$))</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>    
   </ind:textfilecontent54_object>

diff --git a/...ts/accounts_passwords_pam_tally2_deny_root/tests/pam_tally2_absent_account_config.fail.sh b/...ts/accounts_passwords_pam_tally2_deny_root/tests/pam_tally2_absent_account_config.fail.sh
@@ -1,30 +1,16 @@
 #!/bin/bash
-# platform = multi_platform_sle,Ubuntu 20.04
+# platform = multi_platform_sle
 
 cat >/etc/pam.d/common-account <<CAPTA
 account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so
 account	requisite			pam_deny.so
 account	required			pam_permit.so
 CAPTA
 
-{{% if product in ["sle12","sle15"] %}}
-
 cat >/etc/pam.d/login <<CAPTEDRC
 auth required pam_tally2.so onerr=fail audit silent deny=3 even_deny_root unlock_time=900
 auth	[success=1 default=ignore]	pam_unix.so nullok_secure
 auth	requisite			pam_deny.so
 auth	required			pam_permit.so
 auth	optional			pam_cap.so
 CAPTEDRC
-
-{{% else %}}
-
-cat >/etc/pam.d/common-auth <<CAPTEDRC
-auth required pam_tally2.so onerr=fail audit silent deny=3 even_deny_root unlock_time=900
-auth	[success=1 default=ignore]	pam_unix.so nullok_secure
-auth	requisite			pam_deny.so
-auth	required			pam_permit.so
-auth	optional			pam_cap.so
-CAPTEDRC
-
-{{% endif %}}
diff --git a/...rd_attempts/accounts_passwords_pam_tally2_deny_root/tests/pam_tally2_deny_missing.fail.sh b/...rd_attempts/accounts_passwords_pam_tally2_deny_root/tests/pam_tally2_deny_missing.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_sle,Ubuntu 20.04
+# platform = multi_platform_sle
 
 cat >/etc/pam.d/common-account <<CAPTAC
 account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so
@@ -8,24 +8,10 @@ account required                        pam_tally2.so
 account	required			pam_permit.so
 CAPTAC
 
-{{% if product in ["sle12","sle15"] %}}
-
 cat >/etc/pam.d/login <<CAPTDM
 auth required pam_tally2.so onerr=fail audit silent even_deny_root unlock_time=900
 auth	[success=1 default=ignore]	pam_unix.so nullok_secure
 auth	requisite			pam_deny.so
 auth	required			pam_permit.so
 auth	optional			pam_cap.so
 CAPTDM
-
-{{% else %}}
-
-cat >/etc/pam.d/common-auth <<CAPTDM
-auth required pam_tally2.so onerr=fail audit silent even_deny_root unlock_time=900
-auth	[success=1 default=ignore]	pam_unix.so nullok_secure
-auth	requisite			pam_deny.so
-auth	required			pam_permit.so
-auth	optional			pam_cap.so
-CAPTDM
-
-{{% endif %}}
diff --git a/...ts/accounts_passwords_pam_tally2_deny_root/tests/pam_tally2_even_deny_root_absent.fail.sh b/...ts/accounts_passwords_pam_tally2_deny_root/tests/pam_tally2_even_deny_root_absent.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_sle,Ubuntu 20.04
+# platform = multi_platform_sle
 
 cat >/etc/pam.d/common-account <<CAPTC
 account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so
@@ -8,24 +8,10 @@ account required                        pam_tally2.so
 account	required			pam_permit.so
 CAPTC
 
-{{% if product in ["sle12","sle15"] %}}
-
 cat >/etc/pam.d/login <<CAPTEDRM
 auth required pam_tally2.so onerr=fail audit silent deny=3 unlock_time=900
 auth	[success=1 default=ignore]	pam_unix.so nullok_secure
 auth	requisite			pam_deny.so
 auth	required			pam_permit.so
 auth	optional			pam_cap.so
 CAPTEDRM
-
-{{% else %}}
-
-cat >/etc/pam.d/common-auth <<CAPTEDRM
-auth required pam_tally2.so onerr=fail audit silent deny=3 unlock_time=900
-auth	[success=1 default=ignore]	pam_unix.so nullok_secure
-auth	requisite			pam_deny.so
-auth	required			pam_permit.so
-auth	optional			pam_cap.so
-CAPTEDRM
-
-{{% endif %}}
diff --git a/...s/accounts_passwords_pam_tally2_deny_root/tests/pam_tally2_even_deny_root_present.pass.sh b/...s/accounts_passwords_pam_tally2_deny_root/tests/pam_tally2_even_deny_root_present.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_sle,Ubuntu 20.04
+# platform = multi_platform_sle
 
 cat >/etc/pam.d/common-account <<CAPTC
 account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so
@@ -8,24 +8,10 @@ account required                        pam_tally2.so
 account	required			pam_permit.so
 CAPTC
 
-{{% if product in ["sle12","sle15"] %}}
-
 cat >/etc/pam.d/login <<CAPTEDRC
 auth required pam_tally2.so onerr=fail audit silent deny=3 even_deny_root unlock_time=900
 auth	[success=1 default=ignore]	pam_unix.so nullok_secure
 auth	requisite			pam_deny.so
 auth	required			pam_permit.so
 auth	optional			pam_cap.so
 CAPTEDRC
-
-{{% else %}}
-
-cat >/etc/pam.d/common-auth <<CAPTEDRC
-auth required pam_tally2.so onerr=fail audit silent deny=3 even_deny_root unlock_time=900
-auth	[success=1 default=ignore]	pam_unix.so nullok_secure
-auth	requisite			pam_deny.so
-auth	required			pam_permit.so
-auth	optional			pam_cap.so
-CAPTEDRC
-
-{{% endif %}}