Description: A custom profile can be created by copying and customizing one of the default profiles. The default profiles include: sssd, winbind, or the nis. This profile can then be customized to follow site specific requirements. Rationale: A custom profile is required to customize many of the pam options. When you deploy a profile, the profile is applied to every user logging into the given host. Audit: List the custom profile(s) Run the following command: # authselect list | grep `^-s*custom` Verify that the current custom authselect profile is in use on the system Run the following command: # head -1 /etc/authselect/authselect.conf | grep `custom/` Fix: Run the following command to include the `with-faillock` option to the current authselect profile # authselect create-profile <custom-profile name> <options> Run the following command to select a custom authselect profile: # authselect select custom/&CUSTOM PROFILE NAME> {with-&OPTIONS>}

[yes/No]

Run the following command to create a custom authselect profile # authselect create-profile <custom-profile name> <options> Run the following command to select a custom authselect profile: # authselect select custom/&CUSTOM PROFILE NAME> {with-&OPTIONS>