# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
# disruption = low
. /usr/share/scap-security-guide/remediation_functions
{{{ bash_instantiate_variables("var_password_pam_" + VARIABLE) }}}

{{% if product == "rhel6" %}}
{{# There is no package libpwquality for RHEL6 #}}

if LC_ALL=C grep -m 1 -q -e "{{{ VARIABLE }}}=" /etc/pam.d/system-auth; then
	sed -i --follow-symlinks "s/\({{{ VARIABLE }}} *= *\).*/\1$var_password_pam_{{{ VARIABLE }}}/" /etc/pam.d/system-auth
else
	sed -i --follow-symlinks "/pam_cracklib.so/ s/$/ {{{ VARIABLE }}}=$var_password_pam_{{{ VARIABLE }}}/" /etc/pam.d/system-auth
fi

{{% else %}}

replace_or_append '/etc/security/pwquality.conf' '^{{{ VARIABLE }}}' $var_password_pam_{{{ VARIABLE }}} '@CCENUM@' '%s = %s'

{{% endif %}}
