Updated 5.3.3.1.1 regex issue #315 thanks to @jrdbarnes

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 22:23:06 +00:00 · 2025-04-15 11:11:19 +01:00 · 2025-04-15 11:11:19 +01:00 · ec57b85fdf
commit ec57b85fdf
parent 3d4bc2ab3d
1 changed files with 1 additions and 1 deletions
--- a/tasks/section_5/cis_5.3.3.1.x.yml
+++ b/tasks/section_5/cis_5.3.3.1.x.yml
@ -23,7 +23,7 @@
        - rhel9cis_disruption_high
      ansible.builtin.replace:
        path: "/etc/pam.d/{{ item }}-auth"
-        regexp: ^(\s*auth\s+(requisite|required|sufficient)\s+pam_faillock\.so)(.*)\s+deny\s*=\s*\S+(.*$)
+        regexp: ^(\s*auth\s+(?:requisite|required|sufficient)\s+pam_faillock\.so)(.*)\s+deny\s*=\s*\S+(.*$)
        replace: \1 \2\3
      loop:
        - password