diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_enforce_root/bash/ubuntu.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_enforce_root/bash/ubuntu.sh index 80cd705f724..3eaa1cf5a87 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_enforce_root/bash/ubuntu.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_enforce_root/bash/ubuntu.sh @@ -2,7 +2,7 @@ {{{ bash_pam_pwhistory_enable('cac_pwhistory','requisite') }}} conf_file=/usr/share/pam-configs/cac_pwhistory -if ! grep -qE 'pam_pwhistory\.so\s+[^#]*\benforce_for_root\b' "$conf_file"; then +if ! grep -qE 'pam_pwhistory\.so\s+[^#\n]*\benforce_for_root\b' "$conf_file"; then sed -i -E '/^Password:/,/^[^[:space:]]/ { /pam_pwhistory\.so/ { s/$/ enforce_for_root/g diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_enforce_root/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_enforce_root/oval/shared.xml index 21b23ab85f9..1a822cfd471 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_enforce_root/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_enforce_root/oval/shared.xml @@ -45,7 +45,7 @@ {{{ accounts_password_pam_file }}} - ^\s*password\s+(?:(?:sufficient)|(?:required)|(?:requisite)|(?:\[.*\]))\s+pam_pwhistory\.so\s+[^#]*\benforce_for_root\b.*$ + ^\s*password\s+(?:(?:sufficient)|(?:required)|(?:requisite)|(?:\[.*\]))\s+pam_pwhistory\.so\s+[^#\n\r]*\benforce_for_root\b.*$ 1