From ec57b85fdf5de6054fd7b42fe59975d6547241d6 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Tue, 15 Apr 2025 11:11:19 +0100
Subject: [PATCH] Updated 5.3.3.1.1 regex issue #315 thanks to @jrdbarnes

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_5/cis_5.3.3.1.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/section_5/cis_5.3.3.1.x.yml b/tasks/section_5/cis_5.3.3.1.x.yml
index 1730521..0aadbe3 100644
--- a/tasks/section_5/cis_5.3.3.1.x.yml
+++ b/tasks/section_5/cis_5.3.3.1.x.yml
@@ -23,7 +23,7 @@
         - rhel9cis_disruption_high
       ansible.builtin.replace:
         path: "/etc/pam.d/{{ item }}-auth"
-        regexp: ^(\s*auth\s+(requisite|required|sufficient)\s+pam_faillock\.so)(.*)\s+deny\s*=\s*\S+(.*$)
+        regexp: ^(\s*auth\s+(?:requisite|required|sufficient)\s+pam_faillock\.so)(.*)\s+deny\s*=\s*\S+(.*$)
         replace: \1 \2\3
       loop:
         - password