From eea0ffab6bfe29eebf9f4b3e9c117b2f3d845169 Mon Sep 17 00:00:00 2001
From: Alexandre Skrzyniarz <alexandre.skrzyniarz@laposte.net>
Date: Wed, 3 Apr 2024 12:16:31 +0200
Subject: [PATCH] add a pam_account_password_faillock_deny tenplate

and rewrite accounts_passwords_pam_faillock_deny rule to use the
template.
---
 .../oval/debian.xml                           |   1 -
 .../oval/openeuler.xml                        | 291 -----------------
 .../oval/shared.xml                           | 291 -----------------
 .../oval/ubuntu.xml                           | 201 ------------
 .../rule.yml                                  |   3 +
 .../ansible.template                          |   0
 .../bash.template                             |   0
 .../oval.template                             | 298 ++++++++++++++++++
 .../template.yml                              |   4 +
 .../tests/authselect_modified_pam.fail.sh     |   0
 .../conflicting_settings_authselect.fail.sh   |   0
 .../pam_faillock_conflicting_settings.fail.sh |   0
 .../tests/pam_faillock_disabled.fail.sh       |   0
 ...am_faillock_expected_faillock_conf.pass.sh |   0
 .../pam_faillock_expected_pam_files.pass.sh   |   0
 ...pam_faillock_lenient_faillock_conf.fail.sh |   0
 .../pam_faillock_lenient_pam_files.fail.sh    |   0
 ...ck_multiple_pam_unix_faillock_conf.fail.sh |   0
 ...illock_multiple_pam_unix_pam_files.fail.sh |   0
 ...am_faillock_not_required_pam_files.fail.sh |   0
 ...am_faillock_stricter_faillock_conf.pass.sh |   0
 .../pam_faillock_stricter_pam_files.pass.sh   |   0
 .../tests/ubuntu_commented_values.fail.sh     |   0
 .../tests/ubuntu_common.sh                    |   0
 .../tests/ubuntu_correct.pass.sh              |   0
 .../tests/ubuntu_correct_pamd.pass.sh         |   0
 .../tests/ubuntu_empty_faillock_conf.fail.sh  |   0
 .../tests/ubuntu_missing_pamd.fail.sh         |   0
 .../tests/ubuntu_multiple_pam_unix.fail.sh    |   0
 .../tests/ubuntu_wrong_value.fail.sh          |   0
 30 files changed, 305 insertions(+), 784 deletions(-)
 delete mode 120000 linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/debian.xml
 delete mode 100644 linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/openeuler.xml
 delete mode 100644 linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/shared.xml
 delete mode 100644 linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/ubuntu.xml
 rename linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml => shared/templates/pam_account_password_faillock_deny/ansible.template (100%)
 rename linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh => shared/templates/pam_account_password_faillock_deny/bash.template (100%)
 create mode 100644 shared/templates/pam_account_password_faillock_deny/oval.template
 create mode 100644 shared/templates/pam_account_password_faillock_deny/template.yml
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/authselect_modified_pam.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/conflicting_settings_authselect.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/pam_faillock_conflicting_settings.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/pam_faillock_disabled.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/pam_faillock_expected_faillock_conf.pass.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/pam_faillock_expected_pam_files.pass.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/pam_faillock_lenient_faillock_conf.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/pam_faillock_lenient_pam_files.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/pam_faillock_not_required_pam_files.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/pam_faillock_stricter_faillock_conf.pass.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/pam_faillock_stricter_pam_files.pass.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/ubuntu_commented_values.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/ubuntu_common.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/ubuntu_correct.pass.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/ubuntu_correct_pamd.pass.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/ubuntu_empty_faillock_conf.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/ubuntu_missing_pamd.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/ubuntu_multiple_pam_unix.fail.sh (100%)
 rename {linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny => shared/templates/pam_account_password_faillock_deny}/tests/ubuntu_wrong_value.fail.sh (100%)

diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/debian.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/debian.xml
deleted file mode 120000
index 70f08ba8db12..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/debian.xml
+++ /dev/null
@@ -1 +0,0 @@
-ubuntu.xml
\ No newline at end of file
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/openeuler.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/openeuler.xml
deleted file mode 100644
index 0abb80d8d5de..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/openeuler.xml
+++ /dev/null
@@ -1,291 +0,0 @@
-<def-group>
-  <definition class="compliance" id="{{{ rule_id }}}" version="5">
-    {{{ oval_metadata("Lockout account after failed login attempts") }}}
-    <criteria operator="AND" comment="Check the proper configuration of pam_faillock.so">
-      <criteria operator="AND" comment="Check if pam_faillock.so is properly enabled">
-        <!-- pam_unix.so is a control module present in all realistic scenarios and also used
-             as reference for the correct position of pam_faillock.so in auth section. If the
-             system is properly configured, it must appear only once in auth section. -->
-        <criteria operator="AND"
-                  comment="Count occurrences of pam_unix.so in system-auth and password-auth">
-          <criterion test_ref="test_accounts_passwords_pam_faillock_deny_system_pam_unix_auth"
-                     comment="pam_unix.so appears only once in auth section of system-auth"/>
-          <criterion test_ref="test_accounts_passwords_pam_faillock_deny_password_pam_unix_auth"
-                     comment="pam_unix.so appears only once in auth section of password-auth"/>
-        </criteria>
-
-        <!-- pam_faillock.so parameters can be defined directly in pam files or, in newer
-             versions, in /etc/security/faillock.conf. The last is the recommended option when
-             available. Also, is the option used by auselect tool. However, regardless the
-             approach, a minimal declaration is common in pam files. -->
-        <criteria operator="AND" comment="Check common definition of pam_faillock.so">
-          <criterion
-              test_ref="test_accounts_passwords_pam_faillock_deny_system_pam_faillock_auth"
-              comment="pam_faillock.so is properly defined in auth section of system-auth"/>
-          <criterion
-              test_ref="test_accounts_passwords_pam_faillock_deny_system_pam_faillock_account"
-              comment="pam_faillock.so is properly defined in account section of system-auth"/>
-          <criterion
-              test_ref="test_accounts_passwords_pam_faillock_deny_password_pam_faillock_auth"
-              comment="pam_faillock.so is properly defined in auth section of password-auth"/>
-          <criterion
-              test_ref="test_accounts_passwords_pam_faillock_deny_password_pam_faillock_account"
-              comment="pam_faillock.so is properly defined in account section of password-auth"/>
-        </criteria>
-      </criteria>
-
-      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf whenever
-           possible. But due to backwards compatibility, they are also allowed in pam files
-           directly. In case they are defined in both places, pam files have precedence and this
-           may confuse the assessment. The following tests ensure only one option is used. Note
-           that if faillock.conf is available, authselect tool only manage parameters on it -->
-      <criteria operator="OR" comment="Check expected value for pam_faillock.so deny parameter">
-        <criteria operator="AND"
-                  comment="Check expected pam_faillock.so deny parameter in pam files">
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_pamd_system"
-                comment="Check the deny parameter in auth section of system-auth file"/>
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_pamd_password"
-                comment="Check the deny parameter in auth section of password-auth file"/>
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_no_faillock_conf"
-                comment="Ensure /etc/security/faillock.conf is not used together with pam files"/>
-        </criteria>
-        <criteria operator="AND"
-                  comment="Check expected pam_faillock.so deny parameter in faillock.conf">
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_no_pamd_system"
-                comment="Check the deny parameter is not present system-auth file"/>
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_no_pamd_password"
-                comment="Check the deny parameter is not present password-auth file"/>
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_faillock_conf"
-                comment="Ensure the deny parameter is present in /etc/security/faillock.conf"/>
-        </criteria>
-      </criteria>
-    </criteria>
-  </definition>
-
-  <!-- The following tests demand complex regex which are necessary more than once.
-       These variables make simpler the usage of regex patterns. -->
-  <constant_variable id="var_accounts_passwords_pam_faillock_deny_pam_unix_regex"
-                datatype="string" version="1"
-                comment="regex to identify pam_unix.so in auth section of pam files">
-    <value>^[\s]*auth\N+pam_unix\.so</value>
-  </constant_variable>
-
-  <constant_variable id="var_accounts_passwords_pam_faillock_deny_pam_faillock_auth_regex"
-                datatype="string" version="1"
-                comment="regex to identify pam_faillock.so entries in auth section of pam files">
-    <value>^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)?(?=.*?\bnew_authtok_reqd=done\b)?(?=.*?\bdefault=ignore\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=die\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail</value>
-  </constant_variable>
-
-  <constant_variable id="var_accounts_passwords_pam_faillock_deny_pam_faillock_account_regex"
-                datatype="string" version="1"
-                comment="regex to identify pam_faillock.so entry in account section of pam files">
-    <value>^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so</value>
-  </constant_variable>
-
-  <constant_variable
-              id="var_accounts_passwords_pam_faillock_deny_pam_faillock_deny_parameter_regex"
-              datatype="string" version="1"
-              comment="regex to identify pam_faillock.so deny entry in auth section of pam files">
-    <value>^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+)</value>
-  </constant_variable>
-
-  <constant_variable
-              id="var_accounts_passwords_pam_faillock_deny_faillock_conf_deny_parameter_regex"
-              datatype="string" version="1"
-              comment="regex to identify deny entry in /etc/security/faillock.conf">
-    <value>^[\s]*deny[\s]*=[\s]*([0-9]+)</value>
-  </constant_variable>
-
-  <!-- Check occurrences of pam_unix.so in auth section of system-auth file -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_system_pam_unix_auth"
-        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of system-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_unix_regex"/>
-    <!-- It is not expected to find a second instance of this pattern -->
-    <ind:instance datatype="int" operation="greater than">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_system_pam_unix_auth"
-        comment="No more than one pam_unix.so is expected in auth section of system-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_system_pam_unix_auth"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check occurrences of pam_unix.so in auth section in password-auth -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_password_pam_unix_auth"
-        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of password-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_unix_regex"/>
-    <ind:instance datatype="int" operation="greater than">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_password_pam_unix_auth"
-        comment="No more than one pam_unix.so is expected in auth section of password-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_password_pam_unix_auth"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check common definition of pam_faillock.so in system-auth -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_system_pam_faillock_auth"
-        comment="Check common definition of pam_faillock.so in auth section of system-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_auth_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_system_pam_faillock_auth"
-        comment="One and only one occurrence is expected in auth section of system-auth">
-    <ind:object
-        object_ref="object_accounts_passwords_pam_faillock_deny_system_pam_faillock_auth"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_system_pam_faillock_account"
-        comment="Check common definition of pam_faillock.so in account section of system-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_account_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_system_pam_faillock_account"
-        comment="One and only one occurrence is expected in auth section of system-auth">
-    <ind:object
-        object_ref="object_accounts_passwords_pam_faillock_deny_system_pam_faillock_account"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check common definition of pam_faillock.so in password-auth -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_password_pam_faillock_auth"
-        comment="Check common definition of pam_faillock.so in auth section of password-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_auth_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_password_pam_faillock_auth"
-        comment="One and only one occurrence is expected in auth section of password-auth">
-    <ind:object
-        object_ref="object_accounts_passwords_pam_faillock_deny_password_pam_faillock_auth"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_password_pam_faillock_account"
-        comment="Check common definition of pam_faillock.so in account section of password-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_account_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_password_pam_faillock_account"
-        comment="One and only one occurrence is expected in auth section of password-auth">
-    <ind:object
-        object_ref="object_accounts_passwords_pam_faillock_deny_password_pam_faillock_account"/>
-  </ind:textfilecontent54_test>
-
-  <!-- boundaries to test the parameter value -->
-  <!-- Specify the required external variable & create corresponding state from it -->
-  <external_variable id="var_accounts_passwords_pam_faillock_deny" datatype="int"
-                     comment="number of failed login attempts allowed" version="1"/>
-
-  <ind:textfilecontent54_state version="1"
-        id="state_accounts_passwords_pam_faillock_deny_parameter_upper_bound">
-    <ind:subexpression datatype="int" operation="less than or equal"
-                       var_ref="var_accounts_passwords_pam_faillock_deny"/>
-  </ind:textfilecontent54_state>
-
-  <ind:textfilecontent54_state version="1"
-        id="state_accounts_passwords_pam_faillock_deny_parameter_lower_bound">
-    <ind:subexpression datatype="int" operation="greater than">0</ind:subexpression>
-  </ind:textfilecontent54_state>
-
-  <!-- Check the pam_faillock.so deny parameter in system-auth -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_parameter_pamd_system"
-        comment="Get the pam_faillock.so deny parameter from system-auth file">
-    <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-            var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_deny_parameter_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_pamd_system"
-        comment="Check the expected deny value in system-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_pamd_system"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_upper_bound"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_lower_bound"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_no_pamd_system"
-        comment="Check the absence of deny parameter in system-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_pamd_system"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check the pam_faillock.so deny parameter in password-auth -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_parameter_pamd_password"
-        comment="Get the pam_faillock.so deny parameter from password-auth file">
-    <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-            var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_deny_parameter_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_pamd_password"
-        comment="Check the expected deny value in password-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_pamd_password"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_upper_bound"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_lower_bound"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_no_pamd_password"
-        comment="Check the absence of deny parameter in password-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_pamd_password"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check pam_faillock.so deny parameter in /etc/security/faillock.conf -->
-  <ind:textfilecontent54_object version="1"
-      id="object_accounts_passwords_pam_faillock_deny_parameter_faillock_conf"
-      comment="Check the expected pam_faillock.so deny parameter in /etc/security/faillock.conf">
-    <ind:filepath operation="pattern match">^/etc/security/faillock.conf$</ind:filepath>
-    <ind:pattern operation="pattern match"
-          var_ref="var_accounts_passwords_pam_faillock_deny_faillock_conf_deny_parameter_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_faillock_conf"
-        comment="Check the expected deny value in in /etc/security/faillock.conf">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_faillock_conf"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_upper_bound"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_lower_bound"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_no_faillock_conf"
-        comment="Check the absence of deny parameter in /etc/security/faillock.conf">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_faillock_conf"/>
-  </ind:textfilecontent54_test>
-</def-group>
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/shared.xml
deleted file mode 100644
index 4c3b56ba06c2..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/shared.xml
+++ /dev/null
@@ -1,291 +0,0 @@
-<def-group>
-  <definition class="compliance" id="{{{ rule_id }}}" version="5">
-    {{{ oval_metadata("Lockout account after failed login attempts") }}}
-    <criteria operator="AND" comment="Check the proper configuration of pam_faillock.so">
-      <criteria operator="AND" comment="Check if pam_faillock.so is properly enabled">
-        <!-- pam_unix.so is a control module present in all realistic scenarios and also used
-             as reference for the correct position of pam_faillock.so in auth section. If the
-             system is properly configured, it must appear only once in auth section. -->
-        <criteria operator="AND"
-                  comment="Count occurrences of pam_unix.so in system-auth and password-auth">
-          <criterion test_ref="test_accounts_passwords_pam_faillock_deny_system_pam_unix_auth"
-                     comment="pam_unix.so appears only once in auth section of system-auth"/>
-          <criterion test_ref="test_accounts_passwords_pam_faillock_deny_password_pam_unix_auth"
-                     comment="pam_unix.so appears only once in auth section of password-auth"/>
-        </criteria>
-
-        <!-- pam_faillock.so parameters can be defined directly in pam files or, in newer
-             versions, in /etc/security/faillock.conf. The last is the recommended option when
-             available. Also, is the option used by auselect tool. However, regardless the
-             approach, a minimal declaration is common in pam files. -->
-        <criteria operator="AND" comment="Check common definition of pam_faillock.so">
-          <criterion
-              test_ref="test_accounts_passwords_pam_faillock_deny_system_pam_faillock_auth"
-              comment="pam_faillock.so is properly defined in auth section of system-auth"/>
-          <criterion
-              test_ref="test_accounts_passwords_pam_faillock_deny_system_pam_faillock_account"
-              comment="pam_faillock.so is properly defined in account section of system-auth"/>
-          <criterion
-              test_ref="test_accounts_passwords_pam_faillock_deny_password_pam_faillock_auth"
-              comment="pam_faillock.so is properly defined in auth section of password-auth"/>
-          <criterion
-              test_ref="test_accounts_passwords_pam_faillock_deny_password_pam_faillock_account"
-              comment="pam_faillock.so is properly defined in account section of password-auth"/>
-        </criteria>
-      </criteria>
-
-      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf whenever
-           possible. But due to backwards compatibility, they are also allowed in pam files
-           directly. In case they are defined in both places, pam files have precedence and this
-           may confuse the assessment. The following tests ensure only one option is used. Note
-           that if faillock.conf is available, authselect tool only manage parameters on it -->
-      <criteria operator="OR" comment="Check expected value for pam_faillock.so deny parameter">
-        <criteria operator="AND"
-                  comment="Check expected pam_faillock.so deny parameter in pam files">
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_pamd_system"
-                comment="Check the deny parameter in auth section of system-auth file"/>
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_pamd_password"
-                comment="Check the deny parameter in auth section of password-auth file"/>
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_no_faillock_conf"
-                comment="Ensure /etc/security/faillock.conf is not used together with pam files"/>
-        </criteria>
-        <criteria operator="AND"
-                  comment="Check expected pam_faillock.so deny parameter in faillock.conf">
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_no_pamd_system"
-                comment="Check the deny parameter is not present system-auth file"/>
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_no_pamd_password"
-                comment="Check the deny parameter is not present password-auth file"/>
-          <criterion
-                test_ref="test_accounts_passwords_pam_faillock_deny_parameter_faillock_conf"
-                comment="Ensure the deny parameter is present in /etc/security/faillock.conf"/>
-        </criteria>
-      </criteria>
-    </criteria>
-  </definition>
-
-  <!-- The following tests demand complex regex which are necessary more than once.
-       These variables make simpler the usage of regex patterns. -->
-  <constant_variable id="var_accounts_passwords_pam_faillock_deny_pam_unix_regex"
-                datatype="string" version="1"
-                comment="regex to identify pam_unix.so in auth section of pam files">
-    <value>^[\s]*auth\N+pam_unix\.so</value>
-  </constant_variable>
-
-  <constant_variable id="var_accounts_passwords_pam_faillock_deny_pam_faillock_auth_regex"
-                datatype="string" version="1"
-                comment="regex to identify pam_faillock.so entries in auth section of pam files">
-    <value>^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)(?=.*?\bnew_authtok_reqd=done\b)(?=.*?\bdefault=ignore\b).*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail</value>
-  </constant_variable>
-
-  <constant_variable id="var_accounts_passwords_pam_faillock_deny_pam_faillock_account_regex"
-                datatype="string" version="1"
-                comment="regex to identify pam_faillock.so entry in account section of pam files">
-    <value>^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_unix\.so</value>
-  </constant_variable>
-
-  <constant_variable
-              id="var_accounts_passwords_pam_faillock_deny_pam_faillock_deny_parameter_regex"
-              datatype="string" version="1"
-              comment="regex to identify pam_faillock.so deny entry in auth section of pam files">
-    <value>^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+)</value>
-  </constant_variable>
-
-  <constant_variable
-              id="var_accounts_passwords_pam_faillock_deny_faillock_conf_deny_parameter_regex"
-              datatype="string" version="1"
-              comment="regex to identify deny entry in /etc/security/faillock.conf">
-    <value>^[\s]*deny[\s]*=[\s]*([0-9]+)</value>
-  </constant_variable>
-
-  <!-- Check occurrences of pam_unix.so in auth section of system-auth file -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_system_pam_unix_auth"
-        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of system-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_unix_regex"/>
-    <!-- It is not expected to find a second instance of this pattern -->
-    <ind:instance datatype="int" operation="greater than">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_system_pam_unix_auth"
-        comment="No more than one pam_unix.so is expected in auth section of system-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_system_pam_unix_auth"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check occurrences of pam_unix.so in auth section in password-auth -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_password_pam_unix_auth"
-        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of password-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_unix_regex"/>
-    <ind:instance datatype="int" operation="greater than">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_password_pam_unix_auth"
-        comment="No more than one pam_unix.so is expected in auth section of password-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_password_pam_unix_auth"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check common definition of pam_faillock.so in system-auth -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_system_pam_faillock_auth"
-        comment="Check common definition of pam_faillock.so in auth section of system-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_auth_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_system_pam_faillock_auth"
-        comment="One and only one occurrence is expected in auth section of system-auth">
-    <ind:object
-        object_ref="object_accounts_passwords_pam_faillock_deny_system_pam_faillock_auth"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_system_pam_faillock_account"
-        comment="Check common definition of pam_faillock.so in account section of system-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_account_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_system_pam_faillock_account"
-        comment="One and only one occurrence is expected in auth section of system-auth">
-    <ind:object
-        object_ref="object_accounts_passwords_pam_faillock_deny_system_pam_faillock_account"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check common definition of pam_faillock.so in password-auth -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_password_pam_faillock_auth"
-        comment="Check common definition of pam_faillock.so in auth section of password-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_auth_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_password_pam_faillock_auth"
-        comment="One and only one occurrence is expected in auth section of password-auth">
-    <ind:object
-        object_ref="object_accounts_passwords_pam_faillock_deny_password_pam_faillock_auth"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_password_pam_faillock_account"
-        comment="Check common definition of pam_faillock.so in account section of password-auth">
-    <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_account_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_password_pam_faillock_account"
-        comment="One and only one occurrence is expected in auth section of password-auth">
-    <ind:object
-        object_ref="object_accounts_passwords_pam_faillock_deny_password_pam_faillock_account"/>
-  </ind:textfilecontent54_test>
-
-  <!-- boundaries to test the parameter value -->
-  <!-- Specify the required external variable & create corresponding state from it -->
-  <external_variable id="var_accounts_passwords_pam_faillock_deny" datatype="int"
-                     comment="number of failed login attempts allowed" version="1"/>
-
-  <ind:textfilecontent54_state version="1"
-        id="state_accounts_passwords_pam_faillock_deny_parameter_upper_bound">
-    <ind:subexpression datatype="int" operation="less than or equal"
-                       var_ref="var_accounts_passwords_pam_faillock_deny"/>
-  </ind:textfilecontent54_state>
-
-  <ind:textfilecontent54_state version="1"
-        id="state_accounts_passwords_pam_faillock_deny_parameter_lower_bound">
-    <ind:subexpression datatype="int" operation="greater than">0</ind:subexpression>
-  </ind:textfilecontent54_state>
-
-  <!-- Check the pam_faillock.so deny parameter in system-auth -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_parameter_pamd_system"
-        comment="Get the pam_faillock.so deny parameter from system-auth file">
-    <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-            var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_deny_parameter_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_pamd_system"
-        comment="Check the expected deny value in system-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_pamd_system"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_upper_bound"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_lower_bound"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_no_pamd_system"
-        comment="Check the absence of deny parameter in system-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_pamd_system"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check the pam_faillock.so deny parameter in password-auth -->
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_deny_parameter_pamd_password"
-        comment="Get the pam_faillock.so deny parameter from password-auth file">
-    <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
-    <ind:pattern operation="pattern match"
-            var_ref="var_accounts_passwords_pam_faillock_deny_pam_faillock_deny_parameter_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_pamd_password"
-        comment="Check the expected deny value in password-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_pamd_password"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_upper_bound"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_lower_bound"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_no_pamd_password"
-        comment="Check the absence of deny parameter in password-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_pamd_password"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check pam_faillock.so deny parameter in /etc/security/faillock.conf -->
-  <ind:textfilecontent54_object version="1"
-      id="object_accounts_passwords_pam_faillock_deny_parameter_faillock_conf"
-      comment="Check the expected pam_faillock.so deny parameter in /etc/security/faillock.conf">
-    <ind:filepath operation="pattern match">^/etc/security/faillock.conf$</ind:filepath>
-    <ind:pattern operation="pattern match"
-          var_ref="var_accounts_passwords_pam_faillock_deny_faillock_conf_deny_parameter_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_faillock_conf"
-        comment="Check the expected deny value in in /etc/security/faillock.conf">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_faillock_conf"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_upper_bound"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_parameter_lower_bound"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_deny_parameter_no_faillock_conf"
-        comment="Check the absence of deny parameter in /etc/security/faillock.conf">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_parameter_faillock_conf"/>
-  </ind:textfilecontent54_test>
-</def-group>
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/ubuntu.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/ubuntu.xml
deleted file mode 100644
index 443a85b29346..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/ubuntu.xml
+++ /dev/null
@@ -1,201 +0,0 @@
-{{# Very similar OVAL is used in several rules, differing primarily in faillock.so parameter. #}}
-{{# For transferability, we define the parameter and corresponding regular expressions in jinja. #}}
-{{# The rules should ideally use a single template. #}}
-
-{{% set prm_name = "deny" %}}
-{{% set prm_regex_conf = "^[\s]*deny[\s]*=[\s]*([0-9]+)" %}}
-{{% set prm_regex_pamd = "^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+)" %}}
-{{% set ext_variable = "var_accounts_passwords_pam_faillock_deny" %}}
-{{% set description = "Lockout account after failed login attempts." %}}
-
-<def-group>
-  <definition class="compliance" id="{{{ rule_id }}}" version="2">
-    {{{ oval_metadata(description) }}}
-    <criteria operator="AND" comment="Check the proper configuration of pam_faillock.so">
-      <criteria operator="AND" comment="Check if pam_faillock.so is properly enabled">
-        <!-- pam_unix.so is a control module present in all realistic scenarios and also used
-             as reference for the correct position of pam_faillock.so in auth section. If the
-             system is properly configured, it must appear only once in auth section. -->
-        <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_unix_auth"
-            comment="pam_unix.so appears only once in auth section of common-auth"/>
-        <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_faillock_auth"
-            comment="pam_faillock.so is properly defined in auth section of common-auth"/>
-        <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_faillock_account"
-            comment="pam_faillock.so is properly defined in common-account"/>
-      </criteria>
-
-      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf whenever
-           possible. But due to backwards compatibility, they are also allowed in pam files
-           directly. In case they are defined in both places, pam files have precedence and this
-           may confuse the assessment. The following tests ensure only one option is used. -->
-      <criteria operator="OR" comment="Check expected value for pam_faillock.so {{{ prm_name }}} parameter">
-        <criteria operator="AND"
-            comment="Check expected pam_faillock.so {{{ prm_name }}} parameter in pam files">
-          <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_common"
-              comment="Check the {{{ prm_name }}} parameter is present common-auth file"/>
-          <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_no_faillock_conf"
-              comment="Ensure the {{{ prm_name }}} parameter is not present in /etc/security/faillock.conf"/>
-        </criteria>
-        <criteria operator="AND"
-            comment="Check expected pam_faillock.so {{{ prm_name }}} parameter in faillock.conf">
-          <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_no_pamd_common"
-              comment="Check the {{{ prm_name }}} parameter is not present common-auth file"/>
-          <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_faillock_conf"
-              comment="Ensure the {{{ prm_name }}} parameter is present in /etc/security/faillock.conf"/>
-        </criteria>
-      </criteria>
-    </criteria>
-  </definition>
-
-  <!-- The following tests demand complex regex which are necessary more than once.
-       These variables make simpler the usage of regex patterns. -->
-  <constant_variable id="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_unix_regex"
-                datatype="string" version="1"
-                comment="regex to identify pam_unix.so in auth section of pam files">
-    <value>^\s*auth.*pam_unix\.so</value>
-  </constant_variable>
-
-  <constant_variable id="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_auth_regex"
-                datatype="string" version="1"
-                comment="regex to identify pam_faillock.so entries in auth section of pam files">
-      <value>^\s*auth\s+required\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail[\s\S]*^\s*auth\s+sufficient\s+pam_faillock\.so\s+authsucc</value>
-  </constant_variable>
-
-  <constant_variable id="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_account_regex"
-                datatype="string" version="1"
-                comment="regex to identify pam_faillock.so entry in account section of pam files">
-    <value>^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$</value>
-  </constant_variable>
-
-  <constant_variable
-    id="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_{{{ prm_name }}}_parameter_regex"
-    datatype="string" version="1"
-    comment="regex to identify pam_faillock.so {{{ prm_name }}} entry in auth section of pam files">
-    <value>{{{ prm_regex_pamd }}}</value>
-  </constant_variable>
-
-  <constant_variable
-              id="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_faillock_conf_{{{ prm_name }}}_parameter_regex"
-              datatype="string" version="1"
-              comment="regex to identify {{{ prm_name }}} entry in /etc/security/faillock.conf">
-    <value>{{{ prm_regex_conf }}}</value>
-  </constant_variable>
-
-  <!-- Check occurrences of pam_unix.so in auth section of common-auth file -->
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_unix_auth"
-        comment="No more than one pam_unix.so is expected in auth section of common-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_unix_auth"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_unix_auth"
-        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of common-auth">
-    <ind:filepath>/etc/pam.d/common-auth</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_unix_regex"/>
-    <ind:instance datatype="int" operation="greater than">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <!-- Check common definition of pam_faillock.so in common-auth -->
-  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
-        id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_faillock_auth"
-        comment="One and only one occurrence is expected in auth section of common-auth">
-    <ind:object
-        object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_faillock_auth"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_faillock_auth"
-        comment="Check common definition of pam_faillock.so in auth section of common-auth">
-    <ind:filepath>/etc/pam.d/common-auth</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_auth_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-  <!-- Check common definition of pam_faillock.so in common-account -->
-  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
-        id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_faillock_account"
-        comment="One and only one occurrence is expected in common-account">
-    <ind:object
-        object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_faillock_account"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_faillock_account"
-        comment="Check common definition of pam_faillock.so in account section of common-account">
-    <ind:filepath>/etc/pam.d/common-account</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_account_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-
-  <!-- boundaries to test the parameter value -->
-  <!-- Specify the required external variable & create corresponding state from it -->
-  <external_variable id="{{{ ext_variable }}}" datatype="int"
-                     comment="number of failed login attempts allowed" version="1"/>
-
-  <ind:textfilecontent54_state version="1"
-        id="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_upper_bound">
-    <ind:subexpression datatype="int" operation="less than or equal"
-          var_ref="{{{ ext_variable }}}"/>
-  </ind:textfilecontent54_state>
-
-  <ind:textfilecontent54_state version="1"
-        id="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_lower_bound">
-    <ind:subexpression datatype="int" operation="greater than">0</ind:subexpression>
-  </ind:textfilecontent54_state>
-
-  <!-- Check absence of {{{ prm_name }}} parameter in common-auth -->
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_no_pamd_common"
-        comment="Check the absence of {{{ prm_name }}} parameter in common-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_common"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check expected value of {{{ prm_name }}} parameter in common-auth -->
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_common"
-        comment="Check the expected {{{ prm_name }}} value in common-auth">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_common"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_upper_bound"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_lower_bound"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_object version="1"
-        id="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_common"
-        comment="Get the pam_faillock.so {{{ prm_name }}} parameter from common-auth file">
-    <ind:filepath>/etc/pam.d/common-auth</ind:filepath>
-    <ind:pattern operation="pattern match"
-                 var_ref="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_{{{ prm_name }}}_parameter_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-
-
-  <!-- Check absence of {{{ prm_name }}} parameter in /etc/security/faillock.conf -->
-  <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_no_faillock_conf"
-        comment="Check the absence of {{{ prm_name }}} parameter in /etc/security/faillock.conf">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_faillock_conf"/>
-  </ind:textfilecontent54_test>
-
-  <!-- Check expected value of {{{ prm_name }}} parameter in /etc/security/faillock.conf -->
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
-        id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_faillock_conf"
-        comment="Check the expected {{{ prm_name }}} value in /etc/security/faillock.conf">
-    <ind:object object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_faillock_conf"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_upper_bound"/>
-    <ind:state state_ref="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_lower_bound"/>
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_object version="1"
-      id="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_faillock_conf"
-      comment="Check the expected pam_faillock.so {{{ prm_name }}} parameter in /etc/security/faillock.conf">
-    <ind:filepath>/etc/security/faillock.conf</ind:filepath>
-    <ind:pattern operation="pattern match"
-          var_ref="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_faillock_conf_{{{ prm_name }}}_parameter_regex"/>
-    <ind:instance datatype="int" operation="equals">1</ind:instance>
-  </ind:textfilecontent54_object>
-</def-group>
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
index 1e44643c60cb..7b4a749a6178 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
@@ -131,3 +131,6 @@ warnings:
 
 srg_requirement: |-
     {{{ full_name }}} must automatically lock an account when three unsuccessful logon attempts occur.
+
+template:
+  name: pam_account_password_faillock_deny
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml b/shared/templates/pam_account_password_faillock_deny/ansible.template
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
rename to shared/templates/pam_account_password_faillock_deny/ansible.template
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh b/shared/templates/pam_account_password_faillock_deny/bash.template
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh
rename to shared/templates/pam_account_password_faillock_deny/bash.template
diff --git a/shared/templates/pam_account_password_faillock_deny/oval.template b/shared/templates/pam_account_password_faillock_deny/oval.template
new file mode 100644
index 000000000000..54a7981edbf7
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock_deny/oval.template
@@ -0,0 +1,298 @@
+{{# Very similar OVAL is used in several rules, differing primarily in faillock.so parameter. #}}
+{{# For transferability, we define the parameter and corresponding regular expressions in jinja. #}}
+{{# The rules should ideally use a single template. #}}
+
+{{% set prm_name = "deny" %}}
+{{% set prm_regex_conf = "^[\s]*deny[\s]*=[\s]*([0-9]+)" %}}
+{{% set prm_regex_pamd = "^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+)" %}}
+{{% set ext_variable = "var_accounts_passwords_pam_faillock_deny" %}}
+{{% set description = "Lockout account after failed login attempts." %}}
+
+<def-group>
+  <definition class="compliance" id="{{{ rule_id }}}" version="6">
+    {{{ oval_metadata(description) }}}
+    <criteria operator="AND" comment="Check the proper configuration of pam_faillock.so">
+      <criteria operator="OR" comment="Check if pam_faillock.so is properly enabled">
+        <!-- pam_unix.so is a control module present in all realistic scenarios and also used
+             as reference for the correct position of pam_faillock.so in auth section. If the
+             system is properly configured, it must appear only once in auth section. -->
+	<criteria operator="AND" comment="Redhat family checks">
+	  <criteria operator="AND"
+		    comment="Count occurrences of pam_unix.so in system-auth and password-auth">
+	    <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_system_pam_unix_auth"
+		       comment="pam_unix.so appears only once in auth section of system-auth"/>
+	    <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_password_pam_unix_auth"
+                       comment="pam_unix.so appears only once in auth section of password-auth"/>
+	  </criteria>
+
+	  <!-- pam_faillock.so parameters can be defined directly in pam files or, in newer
+               versions, in /etc/security/faillock.conf. The last is the recommended option when
+               available. Also, is the option used by auselect tool. However, regardless the
+               approach, a minimal declaration is common in pam files. -->
+          <criteria operator="AND" comment="Check common definition of pam_faillock.so">
+            <criterion
+		test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_system_pam_faillock_auth"
+		comment="pam_faillock.so is properly defined in auth section of system-auth"/>
+            <criterion
+		test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_system_pam_faillock_account"
+		comment="pam_faillock.so is properly defined in account section of system-auth"/>
+            <criterion
+		test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_password_pam_faillock_auth"
+		comment="pam_faillock.so is properly defined in auth section of password-auth"/>
+            <criterion
+		test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_password_pam_faillock_account"
+		comment="pam_faillock.so is properly defined in account section of password-auth"/>
+          </criteria>
+	</criteria>
+
+	<!-- debian family -->
+	<criteria operator="AND" comment="Debian family checks">
+	  <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_unix_auth"
+		     comment="pam_unix.so appears only once in auth section of common-auth"/>
+          <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_faillock_auth"
+		     comment="pam_faillock.so is properly defined in auth section of common-auth"/>
+          <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_common_pam_faillock_account"
+		     comment="pam_faillock.so is properly defined in common-account"/>
+	</criteria>
+      </criteria>
+
+      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf whenever
+           possible. But due to backwards compatibility, they are also allowed in pam files
+           directly. In case they are defined in both places, pam files have precedence and this
+           may confuse the assessment. The following tests ensure only one option is used. Note
+           that if faillock.conf is available, authselect tool only manage parameters on it -->
+      <criteria operator="OR" comment="Check expected value for pam_faillock.so {{{ prm_name }}} parameter">
+	<criteria operator="AND"
+		  comment="Check expected pam_faillock.so {{{ prm_name }}} parameter in pam files">
+	  <criteria operator="OR" comment="Redhat or Debian family">
+	    <criteria operator="AND" comment="Redhat family">
+	      <criterion
+                  test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_system"
+                  comment="Check the {{{ prm_name }}} parameter in auth section of system-auth file"/>
+              <criterion
+                  test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_password"
+                  comment="Check the {{{ prm_name }}} parameter in auth section of password-auth file"/>
+	    </criteria>
+	    <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_common"
+		       comment="Check the {{{ prm_name }}} parameter is present common-auth file"/>
+	  </criteria>
+	  <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_no_faillock_conf"
+		     comment="Ensure the {{{ prm_name }}} parameter is not present in /etc/security/faillock.conf"/>
+	</criteria>
+	<criteria operator="AND"
+		  comment="Check expected pam_faillock.so {{{ prm_name }}} parameter in faillock.conf">
+	  <criteria operator="OR" comment="Redhat or Debian family">
+	    <criteria operator="AND" comment="Redhat family">
+	      <criterion
+                  test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_no_pamd_system"
+                  comment="Check the {{{ prm_name }}} parameter is not present system-auth file"/>
+              <criterion
+                  test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_no_pamd_password"
+                  comment="Check the {{{ prm_name }}} parameter is not present password-auth file"/>
+	    </criteria>
+	    <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_no_pamd_common"
+		       comment="Check the {{{ prm_name }}} parameter is not present common-auth file"/>
+	  </criteria>
+	  <criterion test_ref="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_faillock_conf"
+		     comment="Ensure the {{{ prm_name }}} parameter is present in /etc/security/faillock.conf"/>
+	</criteria>
+      </criteria>
+    </criteria>
+  </definition>
+
+  <!-- The following tests demand complex regex which are necessary more than once.
+       These variables make simpler the usage of regex patterns. -->
+  <constant_variable id="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_unix_regex"
+                     datatype="string" version="2"
+                     comment="regex to identify pam_unix.so in auth section of pam files">
+    <value>^\s*auth\N+pam_unix\.so</value>
+  </constant_variable>
+
+  <constant_variable
+      id="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_auth_regex"
+      datatype="string" version="2"
+      comment="regex to identify pam_faillock.so entries in auth section of pam files">
+    {{% if 'debian' in product or 'ubuntu' in product %}}
+    <value>^\s*auth\s+required\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail[\s\S]*^\s*auth\s+sufficient\s+pam_faillock\.so\s+authsucc</value>
+    {{% elif 'openeuler' in product %}}
+    <value>^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)?(?=.*?\bnew_authtok_reqd=done\b)?(?=.*?\bdefault=ignore\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=die\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail</value>
+    {{% else %}}
+    <value>^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)(?=.*?\bnew_authtok_reqd=done\b)(?=.*?\bdefault=ignore\b).*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail</value>
+    {{% endif %}}
+  </constant_variable>
+
+  <constant_variable
+      id="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_account_regex"
+      datatype="string" version="2"
+      comment="regex to identify pam_faillock.so entry in account section of pam files">
+    {{% if 'debian' in product or 'ubuntu' in product %}}
+    <value>^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$</value>
+    {{% elif 'openeuler' in product %}}
+    <value>^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so</value>
+    {{% else %}}
+    <value>^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_unix\.so</value>
+    {{% endif %}}
+  </constant_variable>
+
+  <constant_variable
+      id="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_{{{ prm_name }}}_parameter_regex"
+      datatype="string" version="1"
+      comment="regex to identify pam_faillock.so {{{ prm_name }}} entry in auth section of pam files">
+    <value>{{{ prm_regex_pamd }}}</value>
+  </constant_variable>
+
+  <constant_variable
+      id="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_faillock_conf_{{{ prm_name }}}_parameter_regex"
+      datatype="string" version="1"
+      comment="regex to identify {{{ prm_name }}} entry in /etc/security/faillock.conf">
+    <value>{{{ prm_regex_conf }}}</value>
+  </constant_variable>
+  
+  {{% macro generate_test_faillock_enabled(file_stem) %}}
+  <!-- Check occurences of pam_unix.so in auth section of {{{ file_stem }}}-auth file -->
+  <ind:textfilecontent54_test
+      check="all" check_existence="none_exist" version="2"
+      id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_{{{ file_stem }}}_pam_unix_auth"
+      comment="no more that one pam_unix.so is expected in auth section of {{{ file_stem }}}-auth">
+    <ind:object object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_{{{ file_stem }}}_pam_unix_auth"/>
+  </ind:textfilecontent54_test>
+
+  <ind:textfilecontent54_object
+      version="2"
+      id="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_{{{ file_stem }}}_pam_unix_auth"
+      comment="Get the second and subsequent occurrences of pam_unix.so in auth section of {{{ file_stem}}}-auth">
+    <ind:filepath>/etc/pam.d/{{{file_stem}}}-auth</ind:filepath>
+    <ind:pattern operation="pattern match" var_ref="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_unix_regex"/>
+    <ind:instance datatype="int" operation="greater than">1</ind:instance>
+  </ind:textfilecontent54_object>
+
+  <!-- Check common definition of pam_faillock.so in {{{ file_stem }}}-auth file -->
+  <ind:textfilecontent54_test
+      check="all" check_existence="only_one_exists" version="2"
+      id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_{{{ file_stem }}}_pam_faillock_auth"
+      comment="One and only one occurrence is expected in auth section of {{{ file_stem }}}-auth">
+    <ind:object
+	object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name}}}_{{{ file_stem }}}_pam_faillock_auth"/>
+  </ind:textfilecontent54_test>
+
+  <ind:textfilecontent54_object
+      version="2"
+      id="object_accounts_passwords_pam_faillock_{{{ prm_name}}}_{{{ file_stem }}}_pam_faillock_auth"
+      comment="Check common definition of pam_faillock.so in auth section of common-auth">
+    <ind:filepath>/etc/pam.d/{{{ file_stem }}}-auth</ind:filepath>
+    <ind:pattern operation="pattern match"
+		 var_ref="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_auth_regex"/>
+    <ind:instance datatype="int" operation="equals">1</ind:instance>
+  </ind:textfilecontent54_object>
+  {{% endmacro %}}
+
+  {{{ generate_test_faillock_enabled (file_stem="system")   }}}
+  {{{ generate_test_faillock_enabled (file_stem="password") }}}
+  {{{ generate_test_faillock_enabled (file_stem="common")   }}}
+
+  {{% macro generate_test_faillock_account(file_stem, file) %}}
+  <!-- Check common definition of pam_faillock.so in {{{ file_stem }}}-account -->
+  <ind:textfilecontent54_test
+      check="all" check_existence="only_one_exists" version="2"
+      id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_{{{ file_stem }}}_pam_faillock_account"
+      comment="One and only one occurrence is expected in {{{ file }}}">
+    <ind:object
+	object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_{{{ file_stem }}}_pam_faillock_account"/>
+  </ind:textfilecontent54_test>
+
+  <ind:textfilecontent54_object
+      version="2"
+      id="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_{{{ file_stem }}}_pam_faillock_account"
+      comment="Check common definition of pam_faillock.so in account section of {{{ file }}}">
+    <ind:filepath>/etc/pam.d/{{{ file }}}</ind:filepath>
+    <ind:pattern operation="pattern match"
+                 var_ref="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_account_regex"/>
+    <ind:instance datatype="int" operation="equals">1</ind:instance>
+  </ind:textfilecontent54_object>
+  {{% endmacro %}}
+
+  {{{ generate_test_faillock_account (file_stem="system",   file="system-auth")    }}}
+  {{{ generate_test_faillock_account (file_stem="password", file="password-auth")  }}}
+  {{{ generate_test_faillock_account (file_stem="common",   file="common-account") }}}
+
+  {{% macro generate_check_parameter_in_pam_file(file_stem) %}}
+  <!-- Check absence of {{{ prm_name }}} parameter in {{{ file_stem }}}-auth -->
+  <ind:textfilecontent54_test
+      check="all" check_existence="none_exist" version="2"
+      id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_no_pamd_{{{ file_stem }}}"
+      comment="Check the absence of {{{ prm_name }}} parameter in {{{ file_stem }}}-auth">
+    <ind:object object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_{{{ file_stem }}}"/>
+  </ind:textfilecontent54_test>
+  
+  <!-- Check expected value of {{{ prm_name }}} parameter in {{{ file_stem }}}-auth -->
+  <ind:textfilecontent54_test
+      check="all" check_existence="all_exist" version="2"
+      id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_{{{ file_stem }}}"
+      comment="Check the expected {{{ prm_name }}} value in {{{ file_stem }}}-auth">
+    <ind:object object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_{{{ file_stem }}}"/>
+    <ind:state state_ref="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_upper_bound"/>
+    <ind:state state_ref="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_lower_bound"/>
+  </ind:textfilecontent54_test>
+
+  <ind:textfilecontent54_object
+      version="2"
+      id="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_pamd_{{{ file_stem }}}"
+      comment="Get the pam_faillock.so {{{ prm_name }}} parameter from {{{ file_stem }}}-auth file">
+    <ind:filepath>/etc/pam.d/{{{ file_stem }}}-auth</ind:filepath>
+    <ind:pattern operation="pattern match"
+		 var_ref="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_pam_faillock_{{{ prm_name }}}_parameter_regex"/>
+    <ind:instance datatype="int" operation="equals">1</ind:instance>
+  </ind:textfilecontent54_object>
+  {{% endmacro %}}
+
+  <!-- boundaries to test the parameter value -->
+  <!-- Specify the required external variable & create corresponding state from it -->
+  <external_variable id="{{{ ext_variable }}}" datatype="int"
+                     comment="number of failed login attempts allowed" version="1"/>
+  
+  <ind:textfilecontent54_state
+      version="1"
+      id="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_upper_bound">
+    <ind:subexpression datatype="int" operation="less than or equal"
+		       var_ref="{{{ ext_variable }}}"/>
+  </ind:textfilecontent54_state>
+
+  <ind:textfilecontent54_state
+      version="1"
+      id="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_lower_bound">
+    <ind:subexpression datatype="int" operation="greater than">0</ind:subexpression>
+  </ind:textfilecontent54_state>
+  
+  {{{ generate_check_parameter_in_pam_file (file_stem="system")   }}}
+  {{{ generate_check_parameter_in_pam_file (file_stem="password") }}}
+  {{{ generate_check_parameter_in_pam_file (file_stem="common")   }}}
+
+  <!-- Check expected value of {{{ prm_name }}} parameter in /etc/security/faillock.conf -->
+  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
+			      id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_faillock_conf"
+			      comment="Check the expected {{{ prm_name }}} value in /etc/security/faillock.conf">
+    <ind:object object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_faillock_conf"/>
+    <ind:state state_ref="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_upper_bound"/>
+    <ind:state state_ref="state_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_lower_bound"/>
+  </ind:textfilecontent54_test>
+
+  <!-- Check absence of {{{ prm_name }}} parameter in /etc/security/faillock.conf -->
+  <ind:textfilecontent54_test
+      check="all" check_existence="none_exist" version="1"
+      id="test_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_no_faillock_conf"
+      comment="Check the absence of {{{ prm_name }}} parameter in /etc/security/faillock.conf">
+    <ind:object object_ref="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_faillock_conf"/>
+  </ind:textfilecontent54_test>
+
+  <ind:textfilecontent54_object
+      version="1"
+      id="object_accounts_passwords_pam_faillock_{{{ prm_name }}}_parameter_faillock_conf"
+      comment="Check the expected pam_faillock.so {{{ prm_name }}} parameter in /etc/security/faillock.conf">
+    <ind:filepath>/etc/security/faillock.conf</ind:filepath>
+    <ind:pattern
+	operation="pattern match"
+	var_ref="var_accounts_passwords_pam_faillock_{{{ prm_name }}}_faillock_conf_{{{ prm_name }}}_parameter_regex"/>
+    <ind:instance datatype="int" operation="equals">1</ind:instance>
+  </ind:textfilecontent54_object>
+
+</def-group>
diff --git a/shared/templates/pam_account_password_faillock_deny/template.yml b/shared/templates/pam_account_password_faillock_deny/template.yml
new file mode 100644
index 000000000000..b57de6fbb63e
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock_deny/template.yml
@@ -0,0 +1,4 @@
+supported_languages:
+  - ansible
+  - bash
+  - oval
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/authselect_modified_pam.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/authselect_modified_pam.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/conflicting_settings_authselect.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/conflicting_settings_authselect.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_disabled.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_disabled.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh b/shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_pam_files.pass.sh b/shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_expected_pam_files.pass.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_pam_files.pass.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_expected_pam_files.pass.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_pam_files.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_lenient_pam_files.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_pam_files.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_lenient_pam_files.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh b/shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_pam_files.pass.sh b/shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_stricter_pam_files.pass.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_pam_files.pass.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/pam_faillock_stricter_pam_files.pass.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_commented_values.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/ubuntu_commented_values.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_commented_values.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/ubuntu_commented_values.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_common.sh b/shared/templates/pam_account_password_faillock_deny/tests/ubuntu_common.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_common.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/ubuntu_common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct.pass.sh b/shared/templates/pam_account_password_faillock_deny/tests/ubuntu_correct.pass.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct.pass.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/ubuntu_correct.pass.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct_pamd.pass.sh b/shared/templates/pam_account_password_faillock_deny/tests/ubuntu_correct_pamd.pass.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct_pamd.pass.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/ubuntu_correct_pamd.pass.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_empty_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/ubuntu_empty_faillock_conf.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_empty_faillock_conf.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/ubuntu_empty_faillock_conf.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_missing_pamd.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/ubuntu_missing_pamd.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_missing_pamd.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/ubuntu_missing_pamd.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_multiple_pam_unix.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/ubuntu_multiple_pam_unix.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_multiple_pam_unix.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/ubuntu_multiple_pam_unix.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_wrong_value.fail.sh b/shared/templates/pam_account_password_faillock_deny/tests/ubuntu_wrong_value.fail.sh
similarity index 100%
rename from linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_wrong_value.fail.sh
rename to shared/templates/pam_account_password_faillock_deny/tests/ubuntu_wrong_value.fail.sh