Editing Authselect files

Question

I'm hardening fedora OS following the CIS Benchmark for fedora 28.

In one of the remediations, the Benchmark provides an script that modifies the files system-auth and password-auth. When I apply the changes with authselect apply-changes I get an error because that files were modified.

Supposedly I can modified these files, but I'm not understanding how to commit the changes. I've been searching about this but stilling stuck.

The error is the next one:

[error] [/etc/authselect/password-auth] has unexpected content!
[error] Unexpected changes to the configuration were detected.
[error] Refusing to activate profile unless those changes are removed or overwrite is requested.
Some unexpected changes to the configuration were detected. Use 'select' command instead.

Some help? Thanks.

score 1 · Answer 1 · edited Aug 28 '20 at 17:50

1

You can use --force to force it.

I've added this to ansible post security baseline:

- name: enable auto home dirs
  command: "{{ item }}"
  loop:
    - authselect select sssd --force
    - authselect select sssd with-mkhomedir

edited Aug 28 '20 at 17:50

Glorfindel

1,213
3
15
22

answered Aug 27 '20 at 23:18

Scotty Laing

21
1

Editing Authselect files

1 Answers1