From 62649cb6c50fb19d1f22068cb8a64322122c1d1f Mon Sep 17 00:00:00 2001
From: Adam Lewandowski <adam.lewandowski@plxis.com>
Date: Fri, 6 May 2022 08:36:15 -0400
Subject: [PATCH] Updated rhel9cis_pam_faillock defaults to only those needed
 for RHEL9

Signed-off-by: Adam Lewandowski <adam.lewandowski@plxis.com>
---
 defaults/main.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 248b492..608b3c7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -582,10 +582,8 @@ rhel9cis_pam_password:
     minclass: 4
 
 rhel9cis_pam_faillock:
-    attempts: 5
     unlock_time: 900
-    fail_for_root: no
-    remember: 5
+    deny: 5
 
 # UID settings for interactive users
 # These are discovered via logins.def if set true