# platform = multi_platform_rhel, multi_platform_fedora
# reboot = false
# strategy = restrict
# complexity = low
# disruption = low
. /usr/share/scap-security-guide/remediation_functions
populate var_password_pam_{{{ VARIABLE }}}

{{% if product == "rhel6" %}}
{{# There is no package libpwquality for RHEL6 #}}

if LC_ALL=C grep -m 1 -q -e "{{{ VARIABLE }}}=" /etc/pam.d/system-auth; then
	sed -i --follow-symlinks "s/\({{{ VARIABLE }}} *= *\).*/\1$var_password_pam_{{{ VARIABLE }}}/" /etc/pam.d/system-auth
else
	sed -i --follow-symlinks "/pam_cracklib.so/ s/$/ {{{ VARIABLE }}}=$var_password_pam_{{{ VARIABLE }}}/" /etc/pam.d/system-auth
fi

{{% else %}}

replace_or_append '/etc/security/pwquality.conf' '^{{{ VARIABLE }}}' $var_password_pam_{{{ VARIABLE }}} '@CCENUM@' '%s = %s'

{{% endif %}}
