Implement bash_pam_pwhistory_enable macro

alanmcanonical · alanmcanonical · commit dedc5a7a608b · 2024-12-17T15:35:09.000Z
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_enabled/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_enabled/bash/shared.sh
@@ -1,22 +1,3 @@
 # platform = multi_platform_ubuntu
 
-conf_name=cac_pwhistory
-conf_path="/usr/share/pam-configs"
-
-if [ ! -f "$conf_path"/"$conf_name" ]; then
-    if [ -f "$conf_path"/pwhistory ]; then
-        cp "$conf_path"/pwhistory "$conf_path"/"$conf_name"
-        sed -i '/Default: yes/a Priority: 1025\
-Conflicts: pwhistory' "$conf_path"/"$conf_name"
-    else
-        cat << EOF > "$conf_path"/"$conf_name"
-Name: pwhistory password history checking
-Default: yes
-Priority: 1024
-Password-Type: Primary
-Password: requisite pam_pwhistory.so remember=24 enforce_for_root try_first_pass use_authtok
-EOF
-    fi
-fi
-
-DEBIAN_FRONTEND=noninteractive pam-auth-update
+{{{ bash_pam_pwhistory_enable() }}}
diff --git a/shared/macros/10-bash.jinja b/shared/macros/10-bash.jinja
@@ -982,7 +982,24 @@ if [ -f /usr/bin/authselect ]; then
         {{{ bash_ensure_pam_module_line("$PAM_FILE_PATH", 'password', control, 'pam_pwhistory.so', after_match) | indent(8) }}}
     fi
 else
+{{% if 'ubuntu' in product %}}
+conf_name=cac_pwhistory
+conf_path="/usr/share/pam-configs"
+
+if [ ! -f "$conf_path"/"$conf_name" ]; then
+    cat << EOF > "$conf_path"/"$conf_name"
+Name: pwhistory password history checking
+Default: yes
+Priority: 1024
+Password-Type: Primary
+Password: requisite pam_pwhistory.so remember=24 enforce_for_root try_first_pass use_authtok
+EOF
+fi
+
+DEBIAN_FRONTEND=noninteractive pam-auth-update
+{{% else %}}
     {{{ bash_ensure_pam_module_line(pam_file, 'password', control, 'pam_pwhistory.so', after_match) | indent(4) }}}
+{{% endif %}}
 fi
 {{%- endmacro -%}}
 
