Closed linuxdan closed 5 years ago
Could you describe more what you want to accomplish?
Using system-auth as a specific example, I want to have system-auth be created as a symlink to a file named system-auth-[whatever] which would contain (as a start)
auth include system-auth-ac
account include system-auth-ac
password include system-auth-ac
session include system-auth-ac
so that any changes to system-auth-ac as a result of running the authconfig command will not overwrite customizations required by guidelines like the DISA STIGs which are done in system-auth-[whatever].
Repeat this description for every authconfig command. For a RHEL 7 system using the RHEL-7 STIG, the files in question are system-auth, password-auth, and postlogin.
When modifying authentication configuration using the authconfig utility, the
system-auth and password-auth files are overwritten with the settings from
the authconfig utility. This can be avoided by creating symbolic links in place
of the configuration files, which authconfig recognizes and does not overwrite.
When modifying the system with authconfig... This can be avoided by .. running Puppet which will ensure the state of your system.
The point of this seems to be a safeguard against the system being modified, though since you employ a configuration management tool, this does not seem to make sense.
I appreciate you opening the issue and if I missed something, then please re-open and supply a pull request for review.
Willing to help out on this one.
This documentation describes it: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-hardening_your_system_with_tools_and_services#sect-Security_Guide-Workstation_Security-Account_Locking
Scroll down to the heading "Keeping Custom Settings with authconfig".
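The symlink arrangement requested in this issue, sketched as a shell script. This is an added example, not code from the thread or from the module. The `-local` suffix (standing in for `[whatever]`), the function names, and the demo files built in a scratch directory are assumptions; the demo also assumes the stock layout where `system-auth` starts out as a symlink to `system-auth-ac`.

```shell
#!/bin/sh
# Added example (not from the thread). "-local" stands in for "[whatever]".

# pam_link_local DIR NAME
# Create DIR/NAME-local if absent and make DIR/NAME a symlink to it.
pam_link_local() {
    dir=$1; name=$2; custom="$dir/$name-local"
    # Refuse to replace a regular file: it may hold settings not yet migrated.
    if [ -e "$dir/$name" ] && [ ! -L "$dir/$name" ]; then
        echo "$dir/$name is a regular file, not replacing it" >&2
        return 1
    fi
    if [ ! -e "$custom" ]; then
        # Starting content: the four include lines given in the issue.
        for type in auth account password session; do
            printf '%s include %s-ac\n' "$type" "$name"
        done > "$custom"
    fi
    # Relative target; -n swaps an existing symlink instead of following it.
    ln -sfn "$name-local" "$dir/$name"
}

# pam_link_ok DIR NAME: true only when NAME is a symlink to NAME-local.
pam_link_ok() {
    [ -L "$1/$2" ] && [ "$(readlink "$1/$2")" = "$2-local" ]
}

# Demo in a scratch directory with constructed files, never /etc/pam.d.
demo() {
    d=$(mktemp -d)
    for f in system-auth password-auth; do
        echo "auth required pam_unix.so" > "$d/$f-ac"   # constructed content
        ln -s "$f-ac" "$d/$f"                            # assumed stock layout
        pam_link_local "$d" "$f" || return 1
        echo "# site rule" >> "$d/$f-local"              # a customization
        echo "auth sufficient pam_unix.so" > "$d/$f-ac"  # tool rewrites -ac
        pam_link_ok "$d" "$f" && grep -q "site rule" "$d/$f-local" || return 1
    done
    rm -rf "$d"
}
demo && echo "customizations survived"
```

Running `pam_link_ok` from a compliance check flags the case where the link has been pointed back at the `-ac` file and the customized file is no longer in effect.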