From 8f80a6687b44ea26c3aedcf85cfee33098b5f6a5 Mon Sep 17 00:00:00 2001
From: Dichiara <128719579+EnguerrandDeclercq@users.noreply.github.com>
Date: Fri, 13 Oct 2023 16:46:30 +0200
Subject: [PATCH] Fix CIS rule 5.3.2

Added a create: true in case these files did not already exist.
---
 .../section_5_Access_Authentication_and_Authorization.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tasks/section_5_Access_Authentication_and_Authorization.yaml b/tasks/section_5_Access_Authentication_and_Authorization.yaml
index 9661464..a91fccb 100755
--- a/tasks/section_5_Access_Authentication_and_Authorization.yaml
+++ b/tasks/section_5_Access_Authentication_and_Authorization.yaml
@@ -666,16 +666,22 @@
   lineinfile:
     dest: /etc/pam.d/common-auth
     line: "auth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900"
+    create: true
+
 - name: 5.3.2 Ensure lockout for failed password attempts is configured - pam_deny.so
   lineinfile:
     dest: /etc/pam.d/common-account
     regexp: '^account\srequisite'
     line: "account requisite pam_deny.so"
+    create: true
+
 - name: 5.3.2 Ensure lockout for failed password attempts is configured - pam_tally2.so
   lineinfile:
     dest: /etc/pam.d/common-account
     regexp: '^account\srequired'
     line: "account required pam_tally2.so"
+    create: true
+
   tags:
     - section5
     - level_1_server
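Review bot: Each added `create: true` lets lineinfile create /etc/pam.d/common-auth or /etc/pam.d/common-account when it is absent, but none of the three tasks pins the new file's ownership or permissions, so the created PAM file gets whatever the default umask on the managed host yields rather than the root-owned 0644 that PAM config files are expected to carry; add `owner: root`, `group: root` and `mode: '0644'` beside every `create: true`. The bigger risk is what such a file contains: it would hold only the tally/deny line with no pam_unix.so entry, so on a host where common-account was genuinely missing the account stack would begin with `account requisite pam_deny.so` and can deny every login, which suggests a stat pre-check that fails or warns on a missing file instead of silently creating it. Note also that pam_tally2 has been removed from recent Linux-PAM releases in favour of pam_faillock, which is outside this commit but decides whether the configured module line can load at all. The first task's `- name:` line sits above the hunk.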