ComplianceAsCode
diff --git a/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml‎
Lines changed: 0 additions & 11 deletions b/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml‎
Lines changed: 0 additions & 11 deletions
diff --git a/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh‎
Lines changed: 0 additions & 4 deletions b/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/oval/shared.xml‎
Lines changed: 0 additions & 21 deletions b/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/oval/shared.xml‎
Lines changed: 0 additions & 21 deletions
diff --git a/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml‎
Lines changed: 11 additions & 0 deletions b/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml‎
Lines changed: 0 additions & 14 deletions b/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml‎
Lines changed: 0 additions & 14 deletions
diff --git a/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh‎
Lines changed: 0 additions & 15 deletions b/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh‎
Lines changed: 0 additions & 15 deletions
diff --git a/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/oval/shared.xml‎
Lines changed: 0 additions & 31 deletions b/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/oval/shared.xml‎
Lines changed: 0 additions & 31 deletions
diff --git a/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml‎
Lines changed: 16 additions & 1 deletion b/‎linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml‎
Lines changed: 16 additions & 1 deletion
@@ -61,3 +61,14 @@ vuldiscussion: |-
     When operating systems provide the capability to escalate a functional capability, it is critical the user re-authenticate.
 
 platform: package[pam]
+
+template:
+  name: pam_options
+  vars:
+    path: /etc/pam.d/su
+    type: auth
+    control_flag: required
+    module: pam_wheel.so
+    arguments:
+      - argument: use_uid
+        new_argument: use_uid
@@ -37,9 +37,24 @@ ocil: |-
     Run the following command to check if the line is present:
     <pre>grep pam_wheel /etc/pam.d/su</pre>
     The output should contain the following line:
-    <pre>auth required pam_wheel.so use_uid group={{{ xccdf_value("var_pam_wheel_group_for_su") }}}</pre>
+    <pre>auth required pam_wheel.so use_uid group={{{ xccdf_value("var_pam_wheel_group_for_su.var") }}}</pre>
 
 warnings:
     - general: |-
         Note that <tt>ensure_pam_wheel_group_empty</tt> rule complements this requirement by
         ensuring the referenced group exists and has no members.
+
+template:
+  name: pam_options
+  vars:
+    path: /etc/pam.d/su
+    type: auth
+    control_flag: required
+    module: pam_wheel.so
+    arguments:
+      - variable: group
+        variable_name: var_pam_wheel_group_for_su
+        operation: equals
+        datatype: string
+      - argument: use_uid
+        new_argument: use_uid