From 59e22e860035a9abf60858f677a47c09638489f9 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Mon, 7 Feb 2022 16:44:41 +0000
Subject: [PATCH] fixed thanks to cf-sewe

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_5/cis_5.4.x.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tasks/section_5/cis_5.4.x.yml b/tasks/section_5/cis_5.4.x.yml
index 681db73..05ccefb 100644
--- a/tasks/section_5/cis_5.4.x.yml
+++ b/tasks/section_5/cis_5.4.x.yml
@@ -24,7 +24,7 @@
             dest: /etc/pam.d/system-auth
             state: present
             regexp: '^password    requisite                                    pam_pwquality.so'
-            line: "password    requisite                                    pam_pwquality.so try_first_pass local_users_only enforce-for-root retry=3 remember={{ rhel9cis_pam_faillock.remember }}"
+            line: "password    requisite                                    pam_pwquality.so try_first_pass local_users_only enforce_for_root retry=3 remember={{ rhel9cis_pam_faillock.remember }}"
             insertbefore: '^#?password ?'
         when:
             - rhel9cis_rule_5_4_1 or
@@ -35,7 +35,7 @@
             dest: /etc/pam.d/password-auth
             state: present
             regexp: '^password    requisite                                    pam_pwquality.so'
-            line: "password    requisite                                    pam_pwquality.so try_first_pass local_users_only enforce-for-root retry=3"
+            line: "password    requisite                                    pam_pwquality.so try_first_pass local_users_only enforce_for_root retry=3"
             insertbefore: '^#?password ?'
         when: rhel9cis_rule_5_4_1