diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh
index 1c0458b43dc..98037b3e3e0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# packages = authselect,pam
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh
index 72fcac158e9..f56bdbce208 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh
@@ -1,4 +1,5 @@
#!/bin/bash
# packages = authselect,pam
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/oval/ubuntu.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/oval/ubuntu.xml
index 4679d9b38f8..a421b104dc5 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/oval/ubuntu.xml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/oval/ubuntu.xml
@@ -57,7 +57,7 @@
- ^\s*auth\s+required\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail[\s\S]*^\s*auth\s+sufficient\s+pam_faillock\.so\s+authsucc
+ ^\s*auth\s+(requisite|required)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail
/etc/security/faillock.conf
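Review bot: The new alternation `(requisite|required)` is a capturing group, and in an OVAL textfilecontent54 object the first capture becomes the item's `subexpression`. If any state attached to this object compares `subexpression` (not visible in this hunk), it would now be compared against the control keyword; `(?:requisite|required)` avoids that. The pattern also no longer requires an `authsucc` line. The fixtures in this commit move the counter reset to an account-phase `required pam_faillock.so` line, so confirm that a check on the account stack exists elsewhere in this file.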
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_common.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_common.sh
index e64fb3528e8..532926d2701 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_common.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_common.sh
@@ -1,50 +1,24 @@
#!/bin/bash
-# Create passing pam.d files based on defaults from a clean installation of Ubuntu 22.04 LTS
-# Extra comments and whitespaces were added to test for edge cases
-
-cat >/etc/pam.d/common-auth < /usr/share/pam-configs/faillock
+Name: Enable pam_faillock to deny access
+Default: yes
+Priority: 0
+Auth-Type: Primary
+Auth:
+ [default=die] pam_faillock.so authfail
EOF
-
-cat >/etc/pam.d/common-account < /usr/share/pam-configs/faillock_notify
+Name: Notify of failed login attempts and reset count upon success
+Default: yes
+Priority: 1024
+Auth-Type: Primary
+Auth:
+ requisite pam_faillock.so preauth
+Account-Type: Primary
+Account:
+ required pam_faillock.so
EOF
+
+DEBIAN_FRONTEND=noninteractive pam-auth-update
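Review bot: Neither the exit status nor the effect of `pam-auth-update` on the last line is checked, so a run that fails or leaves /etc/pam.d/common-auth unchanged still lets the scenario continue. Every `.fail.sh` scenario that sources this file would then report the expected failure for the wrong reason: pam_faillock absent, rather than the faillock.conf value under test. A guard after the call, for example `grep -q 'pam_faillock\.so' /etc/pam.d/common-auth || exit 1`, would surface a broken fixture instead of hiding it. The same applies to the identical ubuntu_common.sh copies under accounts_passwords_pam_faillock_deny, _interval and _unlock_time, and to the inline copies in the ubuntu_correct_pamd.pass.sh scenarios.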
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_correct_pamd.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_correct_pamd.pass.sh
index 35a749f070a..bffea0531c4 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_correct_pamd.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_correct_pamd.pass.sh
@@ -1,7 +1,25 @@
#!/bin/bash
# platform = multi_platform_ubuntu
-source ubuntu_common.sh
+cat << EOF > /usr/share/pam-configs/faillock
+Name: Enable pam_faillock to deny access
+Default: yes
+Priority: 0
+Auth-Type: Primary
+Auth:
+ [default=die] pam_faillock.so authfail audit
+EOF
-sed -i 's/\(.*pam_faillock.so.*\)/\1 audit/g' /etc/pam.d/common-auth
+cat << EOF > /usr/share/pam-configs/faillock_notify
+Name: Notify of failed login attempts and reset count upon success
+Default: yes
+Priority: 1024
+Auth-Type: Primary
+Auth:
+ requisite pam_faillock.so preauth audit
+Account-Type: Primary
+Account:
+ required pam_faillock.so
+EOF
+DEBIAN_FRONTEND=noninteractive pam-auth-update
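Review bot: The two profile bodies here are a copy of the ones in ubuntu_common.sh with only ` audit` appended to the `authfail` and `preauth` lines, and the same copy recurs in the ubuntu_correct_pamd.pass.sh scenarios for deny, fail_interval and unlock_time. Any later change to the profile layout must be repeated in eight files, or the pass scenarios drift away from the fail scenarios. ubuntu_common.sh could instead take the extra option from a variable set before `source`. A header comment such as `# Option is set only on the pam_faillock.so lines; faillock.conf is not written here` would also record what the scenario is meant to prove.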
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_missing_pamd.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_missing_pamd.fail.sh
index 92e0f1aed6a..6af1c668e92 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_missing_pamd.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_missing_pamd.fail.sh
@@ -3,7 +3,4 @@
source ubuntu_common.sh
-sed -i '/pam_faillock\.so/d' /etc/pam.d/common-auth
-sed -i '/pam_faillock\.so/d' /etc/pam.d/common-account
-
echo "audit" > /etc/security/faillock.conf
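Review bot: `source ubuntu_common.sh` is kept as context while the two `sed` deletions are removed, and ubuntu_common.sh in this commit now enables pam_faillock through pam-auth-update. The scenario therefore appears to end with pam_faillock present in pam.d and `audit` in faillock.conf, which looks like a compliant state for a file named `.fail.sh`. The sibling ubuntu_missing_pamd.fail.sh scenarios for deny, fail_interval and unlock_time drop the `source` line instead. Doing the same here would restore the precondition, assuming the base image has no pam_faillock profile enabled. The first two lines of the file are outside the hunk.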
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_multiple_pam_unix.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_multiple_pam_unix.fail.sh
index 23be5083c6f..57b3bc3a4bf 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_multiple_pam_unix.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/ubuntu_multiple_pam_unix.fail.sh
@@ -8,4 +8,4 @@
source ubuntu_common.sh
-echo "auth sufficient pam_unix.so" >> /etc/pam.d/common-auth
+sed -i '/# end of pam-auth-update config/i\auth sufficient pam_unix.so' /etc/pam.d/common-auth
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_commented_values.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_commented_values.fail.sh
index 06e07a9d968..9b10313e9f8 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_commented_values.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_commented_values.fail.sh
@@ -1,9 +1,7 @@
#!/bin/bash
# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_deny=10
source ubuntu_common.sh
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-auth
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-account
-
echo "#deny=1" > /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_common.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_common.sh
index e64fb3528e8..532926d2701 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_common.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_common.sh
@@ -1,50 +1,24 @@
#!/bin/bash
-# Create passing pam.d files based on defaults from a clean installation of Ubuntu 22.04 LTS
-# Extra comments and whitespaces were added to test for edge cases
-
-cat >/etc/pam.d/common-auth < /usr/share/pam-configs/faillock
+Name: Enable pam_faillock to deny access
+Default: yes
+Priority: 0
+Auth-Type: Primary
+Auth:
+ [default=die] pam_faillock.so authfail
EOF
-
-cat >/etc/pam.d/common-account < /usr/share/pam-configs/faillock_notify
+Name: Notify of failed login attempts and reset count upon success
+Default: yes
+Priority: 1024
+Auth-Type: Primary
+Auth:
+ requisite pam_faillock.so preauth
+Account-Type: Primary
+Account:
+ required pam_faillock.so
EOF
+
+DEBIAN_FRONTEND=noninteractive pam-auth-update
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct.pass.sh
index 17e2131675e..6edc7e7af1f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct.pass.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_deny=10
source ubuntu_common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct_pamd.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct_pamd.pass.sh
index e6d203a01c5..f1d9a7266c5 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct_pamd.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct_pamd.pass.sh
@@ -1,7 +1,26 @@
#!/bin/bash
# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_deny=10
-source ubuntu_common.sh
+cat << EOF > /usr/share/pam-configs/faillock
+Name: Enable pam_faillock to deny access
+Default: yes
+Priority: 0
+Auth-Type: Primary
+Auth:
+ [default=die] pam_faillock.so authfail deny=1
+EOF
-sed -i 's/\(.*pam_faillock.so.*\)/\1 deny=1/g' /etc/pam.d/common-auth
+cat << EOF > /usr/share/pam-configs/faillock_notify
+Name: Notify of failed login attempts and reset count upon success
+Default: yes
+Priority: 1024
+Auth-Type: Primary
+Auth:
+ requisite pam_faillock.so preauth deny=1
+Account-Type: Primary
+Account:
+ required pam_faillock.so
+EOF
+DEBIAN_FRONTEND=noninteractive pam-auth-update
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_empty_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_empty_faillock_conf.fail.sh
deleted file mode 100644
index 3b73ba396a6..00000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_empty_faillock_conf.fail.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-# This test should fail because neither pam.d or faillock.conf have deny defined
-
-source ubuntu_common.sh
-
-echo > /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_missing_pamd.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_missing_pamd.fail.sh
index 40c103dc6f9..3fbb16cdc5c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_missing_pamd.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_missing_pamd.fail.sh
@@ -1,9 +1,5 @@
#!/bin/bash
# platform = multi_platform_ubuntu
-
-source ubuntu_common.sh
-
-sed -i '/pam_faillock\.so/d' /etc/pam.d/common-auth
-sed -i '/pam_faillock\.so/d' /etc/pam.d/common-account
+# variables = var_accounts_passwords_pam_faillock_deny=10
echo "deny=1" > /etc/security/faillock.conf
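Review bot: With `source ubuntu_common.sh` and the `sed` deletions removed, nothing in this scenario establishes that pam_faillock is missing from pam.d; it depends on the test image not having the module enabled. The value written (`deny=1`) is within the limit set by the variable (`10`), so the expected failure rests entirely on that unstated precondition. A comment under the header lines, such as `# pam_faillock is not enabled in pam.d on the base image; only faillock.conf is set`, would record the dependency. The ubuntu_missing_pamd.fail.sh scenarios for fail_interval and unlock_time are changed the same way.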
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_multiple_pam_unix.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_multiple_pam_unix.fail.sh
deleted file mode 100644
index 23be5083c6f..00000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_multiple_pam_unix.fail.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-# remediation = none
-
-# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
-# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
-# in order to preserve intentional changes.
-
-source ubuntu_common.sh
-
-echo "auth sufficient pam_unix.so" >> /etc/pam.d/common-auth
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_wrong_value.fail.sh
index d236f32cb8b..b185d221714 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_wrong_value.fail.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_deny=10
source ubuntu_common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_pam_files.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_pam_files.pass.sh
index 802d79ba8dc..2894185b055 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_pam_files.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_pam_files.pass.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# packages = authselect,pam
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/missing_dir_in_authfail.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/missing_dir_in_authfail.fail.sh
index 69d6493e4a7..3953a75673c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/missing_dir_in_authfail.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/missing_dir_in_authfail.fail.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# packages = authselect,pam
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/missing_dir_in_preauth.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/missing_dir_in_preauth.fail.sh
index 9d4c3640e66..303cf124fe0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/missing_dir_in_preauth.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/missing_dir_in_preauth.fail.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# packages = authselect,pam
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_pam_files.fail.sh
index d59e07f7647..45724e5e1e8 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_pam_files.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_pam_files.fail.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# packages = authselect,pam
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_commented_values.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_commented_values.fail.sh
index 01648c77fc4..a865d7efd18 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_commented_values.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_commented_values.fail.sh
@@ -1,9 +1,7 @@
#!/bin/bash
# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_fail_interval=800
source ubuntu_common.sh
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-auth
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-account
-
echo "#fail_interval=900" > /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_common.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_common.sh
index e64fb3528e8..532926d2701 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_common.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_common.sh
@@ -1,50 +1,24 @@
#!/bin/bash
-# Create passing pam.d files based on defaults from a clean installation of Ubuntu 22.04 LTS
-# Extra comments and whitespaces were added to test for edge cases
-
-cat >/etc/pam.d/common-auth < /usr/share/pam-configs/faillock
+Name: Enable pam_faillock to deny access
+Default: yes
+Priority: 0
+Auth-Type: Primary
+Auth:
+ [default=die] pam_faillock.so authfail
EOF
-
-cat >/etc/pam.d/common-account < /usr/share/pam-configs/faillock_notify
+Name: Notify of failed login attempts and reset count upon success
+Default: yes
+Priority: 1024
+Auth-Type: Primary
+Auth:
+ requisite pam_faillock.so preauth
+Account-Type: Primary
+Account:
+ required pam_faillock.so
EOF
+
+DEBIAN_FRONTEND=noninteractive pam-auth-update
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_correct.pass.sh
index 9e960cfda06..0be3daea347 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_correct.pass.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_fail_interval=800
source ubuntu_common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_correct_pamd.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_correct_pamd.pass.sh
index 4c9241b5267..7b43417e5f7 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_correct_pamd.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_correct_pamd.pass.sh
@@ -1,7 +1,26 @@
#!/bin/bash
# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_fail_interval=800
-source ubuntu_common.sh
+cat << EOF > /usr/share/pam-configs/faillock
+Name: Enable pam_faillock to deny access
+Default: yes
+Priority: 0
+Auth-Type: Primary
+Auth:
+ [default=die] pam_faillock.so authfail fail_interval=900
+EOF
-sed -i 's/\(.*pam_faillock.so.*\)/\1 fail_interval=900/g' /etc/pam.d/common-auth
+cat << EOF > /usr/share/pam-configs/faillock_notify
+Name: Notify of failed login attempts and reset count upon success
+Default: yes
+Priority: 1024
+Auth-Type: Primary
+Auth:
+ requisite pam_faillock.so preauth fail_interval=900
+Account-Type: Primary
+Account:
+ required pam_faillock.so
+EOF
+DEBIAN_FRONTEND=noninteractive pam-auth-update
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_empty_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_empty_faillock_conf.fail.sh
deleted file mode 100644
index 05bac86bef0..00000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_empty_faillock_conf.fail.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-# This test should fail because neither pam.d or faillock.conf have fail_interval defined
-
-source ubuntu_common.sh
-
-echo > /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_missing_pamd.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_missing_pamd.fail.sh
index 0d6ccea0a3f..1983fb4e6ff 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_missing_pamd.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_missing_pamd.fail.sh
@@ -1,9 +1,5 @@
#!/bin/bash
# platform = multi_platform_ubuntu
-
-source ubuntu_common.sh
-
-sed -i '/pam_faillock\.so/d' /etc/pam.d/common-auth
-sed -i '/pam_faillock\.so/d' /etc/pam.d/common-account
+# variables = var_accounts_passwords_pam_faillock_fail_interval=800
echo "fail_interval=900" > /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_multiple_pam_unix.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_multiple_pam_unix.fail.sh
deleted file mode 100644
index 23be5083c6f..00000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_multiple_pam_unix.fail.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-# remediation = none
-
-# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
-# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
-# in order to preserve intentional changes.
-
-source ubuntu_common.sh
-
-echo "auth sufficient pam_unix.so" >> /etc/pam.d/common-auth
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_wrong_value.fail.sh
index 0de402a7213..88fc852a76c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/ubuntu_wrong_value.fail.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_fail_interval=800
source ubuntu_common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_commented_values.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_commented_values.fail.sh
index cc08ec1cf44..0825090b42d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_commented_values.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_commented_values.fail.sh
@@ -1,9 +1,7 @@
#!/bin/bash
# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_unlock_time=300
source ubuntu_common.sh
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-auth
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-account
-
echo "#unlock_time=1000" > /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_common.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_common.sh
index e64fb3528e8..532926d2701 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_common.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_common.sh
@@ -1,50 +1,24 @@
#!/bin/bash
-# Create passing pam.d files based on defaults from a clean installation of Ubuntu 22.04 LTS
-# Extra comments and whitespaces were added to test for edge cases
-
-cat >/etc/pam.d/common-auth < /usr/share/pam-configs/faillock
+Name: Enable pam_faillock to deny access
+Default: yes
+Priority: 0
+Auth-Type: Primary
+Auth:
+ [default=die] pam_faillock.so authfail
EOF
-
-cat >/etc/pam.d/common-account < /usr/share/pam-configs/faillock_notify
+Name: Notify of failed login attempts and reset count upon success
+Default: yes
+Priority: 1024
+Auth-Type: Primary
+Auth:
+ requisite pam_faillock.so preauth
+Account-Type: Primary
+Account:
+ required pam_faillock.so
EOF
+
+DEBIAN_FRONTEND=noninteractive pam-auth-update
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_correct.pass.sh
index e380799af2e..7ace223da97 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_correct.pass.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_unlock_time=300
source ubuntu_common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_correct_pamd.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_correct_pamd.pass.sh
index 741bea844af..884fdcd6baa 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_correct_pamd.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_correct_pamd.pass.sh
@@ -1,7 +1,26 @@
#!/bin/bash
# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_unlock_time=300
-source ubuntu_common.sh
+cat << EOF > /usr/share/pam-configs/faillock
+Name: Enable pam_faillock to deny access
+Default: yes
+Priority: 0
+Auth-Type: Primary
+Auth:
+ [default=die] pam_faillock.so authfail unlock_time=900
+EOF
-sed -i 's/\(.*pam_faillock.so.*\)/\1 unlock_time=1000/g' /etc/pam.d/common-auth
+cat << EOF > /usr/share/pam-configs/faillock_notify
+Name: Notify of failed login attempts and reset count upon success
+Default: yes
+Priority: 1024
+Auth-Type: Primary
+Auth:
+ requisite pam_faillock.so preauth unlock_time=900
+Account-Type: Primary
+Account:
+ required pam_faillock.so
+EOF
+DEBIAN_FRONTEND=noninteractive pam-auth-update
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_empty_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_empty_faillock_conf.fail.sh
deleted file mode 100644
index b36740fb97c..00000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_empty_faillock_conf.fail.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-# This test should fail because neither pam.d or faillock.conf have unlock_time defined
-
-source ubuntu_common.sh
-
-echo > /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_missing_pamd.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_missing_pamd.fail.sh
index 9ef68330d39..89e4d1a4a78 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_missing_pamd.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_missing_pamd.fail.sh
@@ -1,9 +1,5 @@
#!/bin/bash
# platform = multi_platform_ubuntu
-
-source ubuntu_common.sh
-
-sed -i '/pam_faillock\.so/d' /etc/pam.d/common-auth
-sed -i '/pam_faillock\.so/d' /etc/pam.d/common-account
+# variables = var_accounts_passwords_pam_faillock_unlock_time=300
echo "unlock_time=1000" > /etc/security/faillock.conf
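Review bot: This scenario no longer creates the state its name describes. With `source ubuntu_common.sh` and the two `sed -i '/pam_faillock\.so/d'` lines removed, nothing in the new script guarantees that pam_faillock is absent from `/etc/pam.d/common-auth` and `/etc/pam.d/common-account`. The expected failure now depends on the test image shipping without faillock enabled. Since `unlock_time=1000` presumably satisfies the declared value of 300, a leftover faillock profile could let the check pass. Either remove the profiles explicitly, e.g. `pam-auth-update --remove faillock faillock_notify --force`, or document the reliance with a comment such as `# Fails because pam_faillock is not enabled in pam.d; a compliant faillock.conf alone is not sufficient`.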
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_multiple_pam_unix.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_multiple_pam_unix.fail.sh
deleted file mode 100644
index 23be5083c6f..00000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_multiple_pam_unix.fail.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-# remediation = none
-
-# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
-# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
-# in order to preserve intentional changes.
-
-source ubuntu_common.sh
-
-echo "auth sufficient pam_unix.so" >> /etc/pam.d/common-auth
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_wrong_value.fail.sh
new file mode 100644
index 00000000000..01e5c0701ed
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/ubuntu_wrong_value.fail.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+# platform = multi_platform_ubuntu
+# variables = var_accounts_passwords_pam_faillock_unlock_time=300
+
+source ubuntu_common.sh
+
+echo "unlock_time=100" > /etc/security/faillock.conf
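Review bot: The new file does not say why the scenario is expected to fail, unlike the sibling scenarios that carry a "This test should fail because …" comment. Add one above the `echo`, for example `# Fails: unlock_time=100 in faillock.conf does not satisfy the required value of 300`. What `ubuntu_common.sh` writes into pam.d is not visible from this hunk, so the comment should also state that faillock.conf is the file expected to carry the value, if that is the intent.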
diff --git a/shared/macros/10-bash.jinja b/shared/macros/10-bash.jinja
index 9b273765cc5..0ce3432597d 100644
--- a/shared/macros/10-bash.jinja
+++ b/shared/macros/10-bash.jinja
@@ -1029,13 +1029,13 @@ fi
{{%- macro bash_pam_faillock_parameter_value(option, value='', authfail=True) -%}}
{{% if 'ubuntu' in product %}}
AUTH_FILES=("/etc/pam.d/common-auth")
-APPEND_FAILLOCK_CONF=true
+SKIP_FAILLOCK_CHECK=true
{{% else %}}
AUTH_FILES=("/etc/pam.d/system-auth" "/etc/pam.d/password-auth")
-APPEND_FAILLOCK_CONF=false
+SKIP_FAILLOCK_CHECK=false
{{% endif %}}
FAILLOCK_CONF="/etc/security/faillock.conf"
-if [ -f $FAILLOCK_CONF ] || [ "$APPEND_FAILLOCK_CONF" = "true" ]; then
+if [ -f $FAILLOCK_CONF ] || [ "$SKIP_FAILLOCK_CHECK" = "true" ]; then
{{%- if value == '' %}}
regex="^\s*{{{ option }}}"
line="{{{ option }}}"
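Review bot: `SKIP_FAILLOCK_CHECK` reads as if the faillock compliance check itself were skipped, while its only visible use is to bypass the `[ -f $FAILLOCK_CONF ]` existence test on Ubuntu. A narrower name such as `SKIP_FAILLOCK_CONF_EXISTENCE_CHECK` would avoid that misreading in hardening code. So would a comment like `# Ubuntu: proceed even when faillock.conf does not exist yet`, if that is the intent. The rewritten `if` line also keeps the path expansion unquoted; `if [ -f "$FAILLOCK_CONF" ] || [ "$SKIP_FAILLOCK_CHECK" = "true" ]; then` is the safer form. The macro body continues past the end of this hunk, so any remaining reference to `APPEND_FAILLOCK_CONF` there should be checked.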
diff --git a/shared/templates/pam_account_password_faillock/oval.template b/shared/templates/pam_account_password_faillock/oval.template
index a422d5352d2..915905aedd3 100644
--- a/shared/templates/pam_account_password_faillock/oval.template
+++ b/shared/templates/pam_account_password_faillock/oval.template
@@ -125,7 +125,7 @@
{{% if 'debian' in product %}}
^\s*auth\s+required\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail[\s\S]*^\s*auth\s+sufficient\s+pam_faillock\.so\s+authsucc
{{% elif 'ubuntu' in product %}}
- ^\s*auth\s+requisite\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail
+ ^\s*auth\s+(requisite|required)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail
{{% elif 'openeuler' in product or 'kylinserver' in product %}}
^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)?(?=.*?\bnew_authtok_reqd=done\b)?(?=.*?\bdefault=ignore\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=die\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail
{{% else %}}
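Review bot: The Ubuntu pattern now accepts `required` as well as `requisite` on the preauth line, but no test scenario in the visible part of this change exercises the `required` form. The `faillock_notify` profile written elsewhere in this diff still uses `requisite pam_faillock.so preauth`, so a pass scenario with `auth required pam_faillock.so preauth` would pin the relaxed match. A short template comment on why both flags are accepted would also help, since with `required` the stack continues to the following modules after a preauth denial instead of returning immediately. The alternation is written as a capturing group; if the enclosing object, which lies outside this hunk, reads a subexpression, `(?:requisite|required)` keeps the group numbering unchanged.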
diff --git a/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh b/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh
deleted file mode 100644
index b3232cc93ec..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
-# remediation = none
-
-SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
-
-# This modification will break the integrity checks done by authselect.
-if ! $(grep -q "^[^#].*pam_pwhistory\.so.*remember=" $SYSTEM_AUTH_FILE); then
- sed -i "/^password.*requisite.*pam_pwquality\.so/a password requisite pam_pwhistory.so" $SYSTEM_AUTH_FILE
-else
- sed -i "s/\(.*pam_pwhistory\.so.*remember=\)[[:digit:]]\+\s\(.*\)/\1/g" $SYSTEM_AUTH_FILE
-fi
diff --git a/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh b/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh
deleted file mode 100644
index 24f5731f63d..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
-
-pam_files=("password-auth" "system-auth")
-
-authselect create-profile testingProfile --base-on minimal
-
-CUSTOM_PROFILE_DIR="/etc/authselect/custom/testingProfile"
-
-authselect select --force custom/testingProfile
-
-truncate -s 0 /etc/security/faillock.conf
-
-echo "deny = 3" > /etc/security/faillock.conf
-
-{{{ bash_pam_faillock_enable() }}}
-
-for file in ${pam_files[@]}; do
- if grep -qP "auth.*faillock\.so.*preauth" $CUSTOM_PROFILE_DIR/$file; then
- sed -i "/^\s*auth.*faillock\.so.*preauth/ s/$/deny=3/" \
- "$CUSTOM_PROFILE_DIR/$file"
- else
- sed -i "0,/^\s*auth.*/i auth required pam_faillock.so preauth deny=3" \
- "$CUSTOM_PROFILE_DIR/$file"
- fi
-done
-
-
-authselect apply-changes
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh
deleted file mode 100644
index aa3ca061de7..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
-# remediation = none
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authselect select sssd --force
-authselect enable-feature with-faillock
-# This test scenario simulates conflicting settings in pam and faillock.conf files.
-# It means that authselect is not properly configured and may have a unexpected behaviour. The
-# authselect integrity check will fail and the remediation will be aborted in order to preserve
-# intentional changes. In this case, an informative message will be shown in the remediation report.
-sed -i --follow-symlinks 's/\(pam_faillock.so \(preauth silent\|authfail\)\).*$/\1 deny=3/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
-> /etc/security/faillock.conf
-echo "deny = 3" >> /etc/security/faillock.conf
-echo "silent" >> /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh
deleted file mode 100644
index 67c1b593bdb..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-# packages = authselect
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-if [ -f /usr/sbin/authconfig ]; then
- authconfig --disablefaillock --update
-else
- authselect select sssd --force
- authselect disable-feature with-faillock
-fi
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh
deleted file mode 100644
index e770e300f52..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authselect select sssd --force
-authselect enable-feature with-faillock
-> /etc/security/faillock.conf
-echo "deny = 3" >> /etc/security/faillock.conf
-echo "silent" >> /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_pam_files.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_pam_files.pass.sh
deleted file mode 100644
index bbf97fa2ac0..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_pam_files.pass.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# packages = authconfig
-# platform = Oracle Linux 7,multi_platform_fedora
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authconfig --enablefaillock --faillockargs="deny=3" --update
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh
deleted file mode 100644
index fd57152b8c4..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authselect select sssd --force
-authselect enable-feature with-faillock
-> /etc/security/faillock.conf
-echo "deny = 5" >> /etc/security/faillock.conf
-echo "silent" >> /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_pam_files.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_pam_files.fail.sh
deleted file mode 100644
index cb1ca930499..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_pam_files.fail.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# packages = authconfig
-# platform = Oracle Linux 7,multi_platform_fedora
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authconfig --enablefaillock --faillockargs="deny=5" --update
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
deleted file mode 100644
index efb57601cb9..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
-# remediation = none
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authselect select sssd --force
-authselect enable-feature with-faillock
-# Ensure the parameters only in /etc/security/faillock.conf
-sed -i --follow-symlinks 's/\(pam_faillock.so \(preauth silent\|authfail\)\).*$/\1/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
-> /etc/security/faillock.conf
-echo "deny = 3" >> /etc/security/faillock.conf
-echo "silent" >> /etc/security/faillock.conf
-
-# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
-# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
-# in order to preserve intentional changes.
-echo "auth sufficient pam_unix.so" >> /etc/pam.d/password-auth
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh
deleted file mode 100644
index 51d94b3333b..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-# packages = authconfig
-# platform = Oracle Linux 7,multi_platform_fedora
-# remediation = none
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authconfig --enablefaillock --faillockargs="deny=3" --update
-
-# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
-# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
-# in order to preserve intentional changes.
-echo "auth sufficient pam_unix.so" >> /etc/pam.d/password-auth
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh
deleted file mode 100644
index e3ec96da080..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-# packages = authselect
-# remediation = none
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-# This test scenario manually modify the pam_faillock.so entries in auth section from
-# "required" to "sufficient". This makes pam_faillock.so behave differently than initially
-# intentioned. We catch this, but we can't safely remediate in an automated way.
-if [ -f /usr/sbin/authconfig ]; then
- authconfig --enablefaillock --faillockargs="deny=3" --update
-else
- authselect select sssd --force
- authselect enable-feature with-faillock
- sed -i --follow-symlinks 's/\(pam_faillock.so \(preauth silent\|authfail\)\).*$/\1 deny=3/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
-fi
-sed -i --follow-symlinks 's/\(^\s*auth\s*\)\(\s.*\)\(pam_faillock\.so.*$\)/\1 sufficient \3/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
-if [ -f /etc/security/faillock.conf ]; then
- > /etc/security/faillock.conf
-fi
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh
deleted file mode 100644
index 595b85192da..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authselect select sssd --force
-authselect enable-feature with-faillock
-> /etc/security/faillock.conf
-echo "deny = 2" >> /etc/security/faillock.conf
-echo "silent" >> /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_pam_files.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_pam_files.pass.sh
deleted file mode 100644
index 54729a3144b..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_pam_files.pass.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# packages = authconfig
-# platform = Oracle Linux 7,multi_platform_fedora
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authconfig --enablefaillock --faillockargs="deny=2" --update
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_commented_values.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_commented_values.fail.sh
deleted file mode 100644
index d49c834a648..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_commented_values.fail.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-source ubuntu_common.sh
-
-rm -f /usr/share/cac_faillock*
-pam-auth-update
-
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-auth
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-account
-
-
-echo "#deny=1" > /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_common.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_common.sh
deleted file mode 100644
index e64fb3528e8..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_common.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-
-# Create passing pam.d files based on defaults from a clean installation of Ubuntu 22.04 LTS
-# Extra comments and whitespaces were added to test for edge cases
-
-cat >/etc/pam.d/common-auth </etc/pam.d/common-account < /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_correct_pamd.pass.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_correct_pamd.pass.sh
deleted file mode 100644
index 7560dca2ef2..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_correct_pamd.pass.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-source ubuntu_common.sh
-
-rm -f /usr/share/cac_faillock*
-pam-auth-update
-
-sed -i 's/\(.*pam_faillock.so.*\)/\1 deny=1/g' /etc/pam.d/common-auth
-
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_empty_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_empty_faillock_conf.fail.sh
deleted file mode 100644
index 7dfc2dc7bd1..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_empty_faillock_conf.fail.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-# This test should fail because neither pam.d or faillock.conf have deny defined
-
-source ubuntu_common.sh
-
-rm -f /usr/share/cac_faillock*
-pam-auth-update
-
-echo > /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_missing_pamd.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_missing_pamd.fail.sh
deleted file mode 100644
index bed9d088ad3..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_missing_pamd.fail.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-source ubuntu_common.sh
-
-rm -f /usr/share/cac_faillock*
-pam-auth-update
-
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-auth
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-account
-
-pam-auth-update --remove faillock faillock_notify --force
-
-echo "deny=1" > /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_multiple_pam_unix.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_multiple_pam_unix.fail.sh
deleted file mode 100644
index 23be5083c6f..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_multiple_pam_unix.fail.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-# remediation = none
-
-# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
-# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
-# in order to preserve intentional changes.
-
-source ubuntu_common.sh
-
-echo "auth sufficient pam_unix.so" >> /etc/pam.d/common-auth
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_wrong_value.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_wrong_value.fail.sh
deleted file mode 100644
index d236f32cb8b..00000000000
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_wrong_value.fail.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-source ubuntu_common.sh
-
-echo "deny=999" > /etc/security/faillock.conf