So in digging through all this, I'm finding a couple of things that either aren't working right or that will require alterations to my current configuration to comply.
Where do I ask the following questions? It seems that this group isn't the place, but my google-fu is coming up short.
auth pam_tally2 ... deny=5
in /etc/pam.d/system_auth doesn't appear to reset if I successfully enter my password after a failure. Eventually I get locked out and the audit scripts do not appear to allow "unlock="
What is the best practice for application of pam_tally2?
SRG requires no .forward files. I currently do some data processing on automated emails via procmail configured in .forward in a dedicated user. What is the best practice for configuring such?
Andrew