From 3a707be38e830208f722f96f26ce26b12aa93203 Mon Sep 17 00:00:00 2001
From: ComplianceAsCode development team
 <scap-security-guide@lists.fedorahosted.org>
Date: Wed, 7 Feb 2024 20:48:37 -0500
Subject: [PATCH] Updated defaults/main.yml

---
 defaults/main.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index d768094..39fe39e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -21,8 +21,10 @@ var_account_disable_post_pw_expiration: '30'
 var_accounts_maximum_age_login_defs: '365'
 var_accounts_minimum_age_login_defs: '1'
 var_accounts_password_warn_age_login_defs: '7'
+var_pam_wheel_group_for_su: sugroup
 var_accounts_tmout: '900'
 var_accounts_user_umask: '027'
+var_accounts_passwords_pam_faillock_dir: /var/run/faillock
 var_auditd_action_mail_acct: root
 var_auditd_admin_space_left_action: halt
 var_auditd_max_log_file: '6'
@@ -170,6 +172,7 @@ disable_strategy: true
 enable_authselect: true
 enable_strategy: true
 ensure_gpgcheck_globally_activated: true
+ensure_pam_wheel_group_empty: true
 file_at_deny_not_exist: true
 file_cron_deny_not_exist: true
 file_groupowner_at_allow: true
@@ -395,4 +398,5 @@ sysctl_net_ipv6_conf_default_accept_redirects: true
 sysctl_net_ipv6_conf_default_accept_source_route: true
 unknown_severity: true
 unknown_strategy: true
+use_pam_wheel_group_for_su: true
 wireless_disable_interfaces: true