add an account_password_pam_faillock template

rewrite accounts_passwords_pam_faillock_interval and
accounts_passwords_pam_faillock_unlock_time to use this new template.

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml

@@ -120,3 +120,13 @@ warnings:
         be shown in the remediation report.
         If the system supports the <tt>/etc/security/faillock.conf</tt> file, the pam_faillock
         parameters should be defined in <tt>faillock.conf</tt> file.
+
+template:
+  name: pam_account_password_faillock
+  vars:
+    prm_name: fail_interval
+    prm_regex_conf: ^[\s]*fail_interval[\s]*=[\s]*([0-9]+)
+    prm_regex_pamd: ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*fail_interval=([0-9]+)
+    ext_variable: var_accounts_passwords_pam_faillock_fail_interval
+    description: The number of allowed failed logins should be set correctly.
+    variable_lower_bound: use_ext_variable