From 79e8bea65f522bef35ccb626c819d4cfe8684f5b Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Mon, 5 Nov 2018 18:30:15 +0800
Subject: [PATCH] Modify 9.2.11
---
 bin/hardening/9.2.11_enable_lockout_failed_password.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/bin/hardening/9.2.11_enable_lockout_failed_password.sh b/bin/hardening/9.2.11_enable_lockout_failed_password.sh
index dc6a702..544dbdd 100755
--- a/bin/hardening/9.2.11_enable_lockout_failed_password.sh
+++ b/bin/hardening/9.2.11_enable_lockout_failed_password.sh
@@ -18,6 +18,8 @@ HARDENING_LEVEL=3
 PACKAGE='libpam-modules-bin'
 AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally[2]?.so'
 AUTHFILE='/etc/pam.d/common-auth'
+AUTHRULE='auth required pam_tally2.so audit silent deny=3 unlock_time=900'
+ADDPATTERNLINE='# pam-auth-update(8) for details.'
 # This function will be called if the script status is on enabled / audit mode
 audit () {
@@ -47,7 +49,7 @@ apply () {
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
 warn "Apply:$AUTHPATTERN is not present in $AUTHFILE"
- add_line_file_after_pattern $AUTHFILE "auth required pam_tally2.so audit deny=3 unlock_time=900" "# pam-auth-update(8) for details."
+ add_line_file_after_pattern $AUTHFILE $AUTHRULE $ADDPATTERNLINE
 fi
 }
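Review bot: The new `AUTHRULE` pins `deny=3 unlock_time=900`, but `AUTHPATTERN` two lines above still matches any `pam_tally`/`pam_tally2` auth line whatever its options. A host with an existing line that has a much higher `deny=` or no `unlock_time` would presumably pass the audit and never receive this rule; the `audit` body is outside the hunk, so confirm there. The options also deserve a comment above the variable, for example `# silent: no tally message shown to the user; audit: logs the name of unknown users, which can put a mistyped password into syslog`.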
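Review bot: `$AUTHRULE` and `$ADDPATTERNLINE` are expanded unquoted in the new `add_line_file_after_pattern` call, so the shell word-splits them. The helper then receives `auth` as its second argument and `required` as its third, not the full rule and the anchor comment that the removed line passed as two quoted strings. The helper is defined outside this page; depending on how it handles an anchor that matches nothing, `/etc/pam.d/common-auth` either gets a bare `auth` line or no lockout rule at all, while the script reports the fix as applied. Quote all three arguments: `add_line_file_after_pattern "$AUTHFILE" "$AUTHRULE" "$ADDPATTERNLINE"`. The `apply` function and its `if` chain begin outside the hunk.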