Update warning about pwhistory feature in authselect

It was noticed a possible scenario where the feature is introduced in a system with a custom profile based in older authselect versions. In these cases, the remediation can't be safely ensured and the custom profile should be updated by the administrator. Included this information in the rule warning.
ComplianceAsCode · Feb 7, 2023 · 6376ce4 · 6376ce4
1 parent 9f47dac
commit 6376ce4
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/...ing_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/...ing_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
@@ -129,3 +129,7 @@ warnings:
        Newer versions of <tt>authselect</tt> contain an authselect feature to easily and properly
        enable <tt>pam_pwhistory.so</tt> module. If this feature is not yet available in your
        system, an authselect custom profile must be used to avoid integrity issues in PAM files.
+       If a custom profile was created and used in the system before this authselect feature be
+       available, the new feature can't be used with the outdated custom profile and the
+       remediation will fail. In this case, the custom profile should be recreated or manually
+       updated.