accounts_passwords_pam_faillock_deny Bash remediation failing

[marcusburghardt]

Description of problem:

The Bash remediation for accounts_passwords_pam_faillock_deny is failing in RHEL7 because the /etc/pam.d/common-auth is not found. This file is not expected to be present in RHEL7.

SCAP Security Guide Version:

master as of 2022-12-17

Operating System Version:

RHEL7.9

Steps to Reproduce:

1. Try to remediate the accounts_passwords_pam_faillock_deny rule using Bash in a RHEL7.9

It can also be reproduced using automatus.

Actual Results:

ERROR - Bash remediation for rule xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny has exited with these errors:
Warning: Permanently added '192.168.122.175' (ECDSA) to the list of known hosts.
+ echo 'Remediating rule 1/1: '\''xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny'\'''
Remediating rule 1/1: 'xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny'
+ rpm --quiet -q pam
+ var_accounts_passwords_pam_faillock_deny=3
+ '[' -f /usr/bin/authselect ']'
+ AUTH_FILES=("/etc/pam.d/system-auth" "/etc/pam.d/password-auth")
+ for pam_file in '"${AUTH_FILES[@]}"'
+ grep -qE '^\s*auth\s+required\s+pam_faillock\.so\s+(preauth silent|authfail).*$' /etc/pam.d/system-auth
+ sed -Ei 's/(auth.*)(\[default=die\])(.*pam_faillock\.so)/\1required     \3/g' /etc/pam.d/system-auth
+ for pam_file in '"${AUTH_FILES[@]}"'
+ grep -qE '^\s*auth\s+required\s+pam_faillock\.so\s+(preauth silent|authfail).*$' /etc/pam.d/password-auth
+ sed -Ei 's/(auth.*)(\[default=die\])(.*pam_faillock\.so)/\1required     \3/g' /etc/pam.d/password-auth
+ AUTH_FILES=("/etc/pam.d/system-auth" "/etc/pam.d/password-auth" "/etc/pam.d/common-auth")
+ FAILLOCK_CONF=/etc/security/faillock.conf
+ '[' -f /etc/security/faillock.conf ']'
+ for pam_file in '"${AUTH_FILES[@]}"'
+ grep -qE '^\s*auth.*pam_faillock\.so (preauth|authfail).*deny' /etc/pam.d/system-auth
+ sed -i --follow-symlinks 's/\(^auth.*required.*pam_faillock\.so.*preauth.*silent.*\)\(deny=\)[0-9]\+\(.*\)/\1\23\3/' /etc/pam.d/system-auth
+ sed -i --follow-symlinks 's/\(^auth.*required.*pam_faillock\.so.*authfail.*\)\(deny=\)[0-9]\+\(.*\)/\1\23\3/' /etc/pam.d/system-auth
+ for pam_file in '"${AUTH_FILES[@]}"'
+ grep -qE '^\s*auth.*pam_faillock\.so (preauth|authfail).*deny' /etc/pam.d/password-auth
+ sed -i --follow-symlinks 's/\(^auth.*required.*pam_faillock\.so.*preauth.*silent.*\)\(deny=\)[0-9]\+\(.*\)/\1\23\3/' /etc/pam.d/password-auth
+ sed -i --follow-symlinks 's/\(^auth.*required.*pam_faillock\.so.*authfail.*\)\(deny=\)[0-9]\+\(.*\)/\1\23\3/' /etc/pam.d/password-auth
+ for pam_file in '"${AUTH_FILES[@]}"'
+ grep -qE '^\s*auth.*pam_faillock\.so (preauth|authfail).*deny' /etc/pam.d/common-auth
grep: /etc/pam.d/common-auth: No such file or directory
+ sed -i --follow-symlinks '/^auth.*required.*pam_faillock\.so.*preauth.*silent.*/ s/$/ deny=3/' /etc/pam.d/common-auth
sed: can't read /etc/pam.d/common-auth: No such file or directory
+ sed -i --follow-symlinks '/^auth.*required.*pam_faillock\.so.*authfail.*/ s/$/ deny=3/' /etc/pam.d/common-auth
sed: can't read /etc/pam.d/common-auth: No such file or directory

ERROR - The remediation failed for rule 'xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny'.

Expected Results:

Remediation working without errors

Additional Information/Debugging Steps:

This error is caused by this commit: ed224d5