From 8621a565f9c898527db7a30a8a5fa17fc3e0244a Mon Sep 17 00:00:00 2001
From: Francesco Trentini
Date: Wed, 20 Mar 2024 17:40:46 +0100
Subject: [PATCH] add set password-auth remember settings
Signed-off-by: Francesco Trentini
---
 tasks/section_5/cis_5.5.x.yml | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/tasks/section_5/cis_5.5.x.yml b/tasks/section_5/cis_5.5.x.yml
index bb3cf34..251b9f7 100644
--- a/tasks/section_5/cis_5.5.x.yml
+++ b/tasks/section_5/cis_5.5.x.yml
@@ -78,10 +78,17 @@
 - rule_5.5.2
 - name: "5.5.3 | PATCH | Ensure password reuse is limited | pwquality"
- ansible.builtin.lineinfile:
- path: /etc/pam.d/system-auth
- line: "password requisite pam_pwhistory.so try_first_pass enforce_for_root retry=3 remember={{ rhel9cis_pam_faillock.remember }}"
- insertafter: '^password\s*requisite\s*pam_pwquality.so'
+ block:
+ - name: "5.5.3 | PATCH | Ensure password reuse is limited | Set system-auth remember settings"
+ ansible.builtin.lineinfile:
+ path: /etc/pam.d/system-auth
+ line: "password requisite pam_pwhistory.so try_first_pass enforce_for_root retry=3 remember={{ rhel9cis_pam_faillock.remember }}"
+ insertafter: '^password\s*requisite\s*pam_pwquality.so'
+ - name: "5.5.3 | PATCH | Ensure password reuse is limited | Set password-auth remember settings"
+ ansible.builtin.lineinfile:
+ path: /etc/pam.d/password-auth
+ line: "password requisite pam_pwhistory.so try_first_pass enforce_for_root retry=3 remember={{ rhel9cis_pam_faillock.remember }}"
+ insertafter: '^password\s*requisite\s*pam_pwquality.so'
 when:
 - rhel9cis_rule_5_5_3
 tags:
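Review bot: Both `ansible.builtin.lineinfile` tasks in the new block match only on the exact `line`, so a host that already has a `pam_pwhistory.so` entry with a different `remember=` value gets a second entry added rather than the existing one updated, leaving two conflicting entries in the password stack. Adding `regexp: '^password\s+requisite\s+pam_pwhistory\.so'` to each task would replace the existing entry in place and keep the `insertafter` placement for the first run. When no `pam_pwquality.so` line matches `insertafter`, lineinfile appends at end of file, which is presumably after the `pam_unix.so` entry where the history check may never be reached, so a follow-up check that the line landed where intended would be worth adding. The task's `tags:` list continues outside the hunk.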