diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
deleted file mode 100644
index b3232cc93ec2..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
-# remediation = none
-
-SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
-
-# This modification will break the integrity checks done by authselect.
-if ! $(grep -q "^[^#].*pam_pwhistory\.so.*remember=" $SYSTEM_AUTH_FILE); then
- sed -i "/^password.*requisite.*pam_pwquality\.so/a password requisite pam_pwhistory.so" $SYSTEM_AUTH_FILE
-else
- sed -i "s/\(.*pam_pwhistory\.so.*remember=\)[[:digit:]]\+\s\(.*\)/\1/g" $SYSTEM_AUTH_FILE
-fi
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
deleted file mode 100644
index 24f5731f63dd..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
-
-pam_files=("password-auth" "system-auth")
-
-authselect create-profile testingProfile --base-on minimal
-
-CUSTOM_PROFILE_DIR="/etc/authselect/custom/testingProfile"
-
-authselect select --force custom/testingProfile
-
-truncate -s 0 /etc/security/faillock.conf
-
-echo "deny = 3" > /etc/security/faillock.conf
-
-{{{ bash_pam_faillock_enable() }}}
-
-for file in ${pam_files[@]}; do
- if grep -qP "auth.*faillock\.so.*preauth" $CUSTOM_PROFILE_DIR/$file; then
- sed -i "/^\s*auth.*faillock\.so.*preauth/ s/$/deny=3/" \
- "$CUSTOM_PROFILE_DIR/$file"
- else
- sed -i "0,/^\s*auth.*/i auth required pam_faillock.so preauth deny=3" \
- "$CUSTOM_PROFILE_DIR/$file"
- fi
-done
-
-
-authselect apply-changes
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
deleted file mode 100644
index aa3ca061de72..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
-# remediation = none
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authselect select sssd --force
-authselect enable-feature with-faillock
-# This test scenario simulates conflicting settings in pam and faillock.conf files.
-# It means that authselect is not properly configured and may have a unexpected behaviour. The
-# authselect integrity check will fail and the remediation will be aborted in order to preserve
-# intentional changes. In this case, an informative message will be shown in the remediation report.
-sed -i --follow-symlinks 's/\(pam_faillock.so \(preauth silent\|authfail\)\).*$/\1 deny=3/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
-> /etc/security/faillock.conf
-echo "deny = 3" >> /etc/security/faillock.conf
-echo "silent" >> /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
deleted file mode 100644
index 67c1b593bdb6..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-# packages = authselect
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-if [ -f /usr/sbin/authconfig ]; then
- authconfig --disablefaillock --update
-else
- authselect select sssd --force
- authselect disable-feature with-faillock
-fi
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
deleted file mode 100644
index e770e300f526..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authselect select sssd --force
-authselect enable-feature with-faillock
-> /etc/security/faillock.conf
-echo "deny = 3" >> /etc/security/faillock.conf
-echo "silent" >> /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_pam_files.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_pam_files.pass.sh
deleted file mode 100644
index bbf97fa2ac0a..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_pam_files.pass.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# packages = authconfig
-# platform = Oracle Linux 7,multi_platform_fedora
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authconfig --enablefaillock --faillockargs="deny=3" --update
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
deleted file mode 100644
index fd57152b8c4b..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authselect select sssd --force
-authselect enable-feature with-faillock
-> /etc/security/faillock.conf
-echo "deny = 5" >> /etc/security/faillock.conf
-echo "silent" >> /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_pam_files.fail.sh
deleted file mode 100644
index cb1ca9304993..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_pam_files.fail.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# packages = authconfig
-# platform = Oracle Linux 7,multi_platform_fedora
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authconfig --enablefaillock --faillockargs="deny=5" --update
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
deleted file mode 100644
index efb57601cb9c..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
-# remediation = none
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authselect select sssd --force
-authselect enable-feature with-faillock
-# Ensure the parameters only in /etc/security/faillock.conf
-sed -i --follow-symlinks 's/\(pam_faillock.so \(preauth silent\|authfail\)\).*$/\1/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
-> /etc/security/faillock.conf
-echo "deny = 3" >> /etc/security/faillock.conf
-echo "silent" >> /etc/security/faillock.conf
-
-# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
-# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
-# in order to preserve intentional changes.
-echo "auth sufficient pam_unix.so" >> /etc/pam.d/password-auth
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh
deleted file mode 100644
index 51d94b3333b6..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-# packages = authconfig
-# platform = Oracle Linux 7,multi_platform_fedora
-# remediation = none
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authconfig --enablefaillock --faillockargs="deny=3" --update
-
-# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
-# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
-# in order to preserve intentional changes.
-echo "auth sufficient pam_unix.so" >> /etc/pam.d/password-auth
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
deleted file mode 100644
index e3ec96da080e..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-# packages = authselect
-# remediation = none
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-# This test scenario manually modify the pam_faillock.so entries in auth section from
-# "required" to "sufficient". This makes pam_faillock.so behave differently than initially
-# intentioned. We catch this, but we can't safely remediate in an automated way.
-if [ -f /usr/sbin/authconfig ]; then
- authconfig --enablefaillock --faillockargs="deny=3" --update
-else
- authselect select sssd --force
- authselect enable-feature with-faillock
- sed -i --follow-symlinks 's/\(pam_faillock.so \(preauth silent\|authfail\)\).*$/\1 deny=3/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
-fi
-sed -i --follow-symlinks 's/\(^\s*auth\s*\)\(\s.*\)\(pam_faillock\.so.*$\)/\1 sufficient \3/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
-if [ -f /etc/security/faillock.conf ]; then
- > /etc/security/faillock.conf
-fi
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
deleted file mode 100644
index 595b85192da1..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authselect select sssd --force
-authselect enable-feature with-faillock
-> /etc/security/faillock.conf
-echo "deny = 2" >> /etc/security/faillock.conf
-echo "silent" >> /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_pam_files.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_pam_files.pass.sh
deleted file mode 100644
index 54729a3144bb..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_pam_files.pass.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# packages = authconfig
-# platform = Oracle Linux 7,multi_platform_fedora
-# variables = var_accounts_passwords_pam_faillock_deny=3
-
-authconfig --enablefaillock --faillockargs="deny=2" --update
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_commented_values.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_commented_values.fail.sh
deleted file mode 100644
index 06e07a9d9685..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_commented_values.fail.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-source ubuntu_common.sh
-
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-auth
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-account
-
-echo "#deny=1" > /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_common.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_common.sh
deleted file mode 100644
index e64fb3528e8f..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_common.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-
-# Create passing pam.d files based on defaults from a clean installation of Ubuntu 22.04 LTS
-# Extra comments and whitespaces were added to test for edge cases
-
-cat >/etc/pam.d/common-auth </etc/pam.d/common-account < /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct_pamd.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct_pamd.pass.sh
deleted file mode 100644
index e6d203a01c5e..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_correct_pamd.pass.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-source ubuntu_common.sh
-
-sed -i 's/\(.*pam_faillock.so.*\)/\1 deny=1/g' /etc/pam.d/common-auth
-
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_empty_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_empty_faillock_conf.fail.sh
deleted file mode 100644
index 3b73ba396a64..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_empty_faillock_conf.fail.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-# This test should fail because neither pam.d or faillock.conf have deny defined
-
-source ubuntu_common.sh
-
-echo > /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_missing_pamd.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_missing_pamd.fail.sh
deleted file mode 100644
index 40c103dc6f9c..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_missing_pamd.fail.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-source ubuntu_common.sh
-
-sed -i '/pam_faillock\.so/d' /etc/pam.d/common-auth
-sed -i '/pam_faillock\.so/d' /etc/pam.d/common-account
-
-echo "deny=1" > /etc/security/faillock.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_multiple_pam_unix.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_multiple_pam_unix.fail.sh
deleted file mode 100644
index 23be5083c6ff..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_multiple_pam_unix.fail.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-# remediation = none
-
-# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
-# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
-# in order to preserve intentional changes.
-
-source ubuntu_common.sh
-
-echo "auth sufficient pam_unix.so" >> /etc/pam.d/common-auth
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_wrong_value.fail.sh
deleted file mode 100644
index d236f32cb8bc..000000000000
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/ubuntu_wrong_value.fail.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_ubuntu
-
-source ubuntu_common.sh
-
-echo "deny=999" > /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/oval.template b/shared/templates/pam_account_password_faillock/oval.template
index f0b7de072942..915905aedd30 100644
--- a/shared/templates/pam_account_password_faillock/oval.template
+++ b/shared/templates/pam_account_password_faillock/oval.template
@@ -125,7 +125,7 @@
 {{% if 'debian' in product %}}
 ^\s*auth\s+required\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail[\s\S]*^\s*auth\s+sufficient\s+pam_faillock\.so\s+authsucc
 {{% elif 'ubuntu' in product %}}
- ^\s*auth\s+(requisite|require)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail
+ ^\s*auth\s+(requisite|required)\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail
 {{% elif 'openeuler' in product or 'kylinserver' in product %}}
 ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)?(?=.*?\bnew_authtok_reqd=done\b)?(?=.*?\bdefault=ignore\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=die\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail
 {{% else %}}
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_commented_values.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_commented_values.fail.sh
index d49c834a6480..d741778f8e81 100644
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_commented_values.fail.sh
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_commented_values.fail.sh
@@ -1,13 +1,8 @@
 #!/bin/bash
 # platform = multi_platform_ubuntu
-source ubuntu_common.sh
-
-rm -f /usr/share/cac_faillock*
-pam-auth-update
-
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-auth
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-account
+rm -f /usr/share/pam-configs/cac_faillock*
+DEBIAN_FRONTEND=noninteractive pam-auth-update
 echo "#deny=1" > /etc/security/faillock.conf
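Review bot: The ubuntu branch of the regex now accepts either `requisite` or `required` as the control flag on the pam_faillock preauth line, while the debian branch two lines above accepts only `required`, and nothing in the template records why the two differ, so a later "harmonising" edit is likely to undo one of them. The old alternative `require` could never match a real line because it is immediately followed by `\s+`, so the fix is right; the point is documentation. A one-line template comment above the ubuntu branch, e.g. `the cac_faillock_notify pam-config uses requisite for preauth; required is accepted as well`, would keep the intent visible. The rest of the ubuntu regex (pam_unix, `[default=die]` authfail) is unchanged by this commit.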
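Review bot: With the two `sed` lines gone this scenario no longer contains any commented-out pam_faillock entry in /etc/pam.d; it deletes the cac_faillock* pam-configs, reruns pam-auth-update and leaves only `#deny=1` in faillock.conf, which makes its setup identical to ubuntu_empty_faillock_conf.fail.sh and ubuntu_missing_pamd.fail.sh apart from the faillock.conf content. Either the file name is now misleading or the scenario should say what it covers; a header such as `# pam_faillock is not enabled through pam-configs; the only deny= present is commented out in faillock.conf` would do. Neither `rm -f` nor `pam-auth-update` has its exit status checked, so if pam-auth-update fails the previous pam.d state is kept and the result is still reported under this scenario's name; a trailing `|| exit 1` on the pam-auth-update line would surface that.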
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_common.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_common.sh
deleted file mode 100644
index e64fb3528e8f..000000000000
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_common.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-
-# Create passing pam.d files based on defaults from a clean installation of Ubuntu 22.04 LTS
-# Extra comments and whitespaces were added to test for edge cases
-
-cat >/etc/pam.d/common-auth </etc/pam.d/common-account < /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_correct_pamd.pass.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_correct_pamd.pass.sh
index 7560dca2ef25..adcfd90b7b84 100644
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_correct_pamd.pass.sh
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_correct_pamd.pass.sh
@@ -1,10 +1,30 @@
 #!/bin/bash
 # platform = multi_platform_ubuntu
-source ubuntu_common.sh
+rm -f /usr/share/pam-configs/cac_faillock*
+DEBIAN_FRONTEND=noninteractive pam-auth-update
-rm -f /usr/share/cac_faillock*
-pam-auth-update
+cat << EOF > /usr/share/pam-configs/cac_faillock
+Name: Enable pam_faillock to deny access
+Default: yes
+Conflicts: faillock
+Priority: 0
+Auth-Type: Primary
+Auth:
+ [default=die] pam_faillock.so authfail deny=3
+EOF
-sed -i 's/\(.*pam_faillock.so.*\)/\1 deny=1/g' /etc/pam.d/common-auth
+cat << EOF > /usr/share/pam-configs/cac_faillock_notify
+Name: Notify of failed login attempts and reset count upon success
+Default: yes
+Conflicts: faillock_notify
+Priority: 1025
+Auth-Type: Primary
+Auth:
+ requisite pam_faillock.so preauth
+Account-Type: Primary
+Account:
+ required pam_faillock.so
+EOF
+DEBIAN_FRONTEND=noninteractive pam-auth-update
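Review bot: The new cac_faillock profile puts `deny=3` only on the `authfail` line, and the `preauth` line in cac_faillock_notify carries no `deny=` at all, whereas the removed `sed` appended `deny=1` to every pam_faillock.so line in common-auth. pam_faillock presumably reads its options per line, so `preauth`, which decides whether the account is already locked, would fall back to the module default or to faillock.conf rather than to 3; the scenario then passes only if the rule's expected value coincides with that fallback, which is not visible here. If the check is meant to accept `deny=` on the authfail line alone, say so in a comment above the first heredoc; otherwise add it to the preauth line too, `requisite pam_faillock.so preauth deny=3`. Two smaller points: quoting the delimiter (`cat << 'EOF'`) protects the profiles from future `$` expansion, and the final `pam-auth-update` is unchecked, so a profile that fails to parse would silently leave pam.d without faillock in a scenario that is expected to pass.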
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_empty_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_empty_faillock_conf.fail.sh
index 7dfc2dc7bd19..0b81f1b8e2b9 100644
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_empty_faillock_conf.fail.sh
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_empty_faillock_conf.fail.sh
@@ -1,11 +1,8 @@
 #!/bin/bash
 # platform = multi_platform_ubuntu
-# This test should fail because neither pam.d or faillock.conf have deny defined
+rm -f /usr/share/pam-configs/cac_faillock*
-source ubuntu_common.sh
-
-rm -f /usr/share/cac_faillock*
-pam-auth-update
+DEBIAN_FRONTEND=noninteractive pam-auth-update
 echo > /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_missing_pamd.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_missing_pamd.fail.sh
index bed9d088ad38..392ebfdc0865 100644
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_missing_pamd.fail.sh
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_missing_pamd.fail.sh
@@ -1,14 +1,8 @@
 #!/bin/bash
 # platform = multi_platform_ubuntu
-source ubuntu_common.sh
+rm -f /usr/share/pam-configs/cac_faillock*
-rm -f /usr/share/cac_faillock*
-pam-auth-update
-
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-auth
-sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-account
-
-pam-auth-update --remove faillock faillock_notify --force
+DEBIAN_FRONTEND=noninteractive pam-auth-update
 echo "deny=1" > /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_multiple_pam_unix.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_multiple_pam_unix.fail.sh
index 23be5083c6ff..2e1cc064a9e8 100644
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_multiple_pam_unix.fail.sh
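Review bot: The explanatory comment `# This test should fail because neither pam.d or faillock.conf have deny defined` was dropped although it still describes the scenario exactly: the cac_faillock* pam-configs are removed, pam-auth-update rebuilds pam.d without them, and faillock.conf is emptied. Restore it below the platform line (with `nor` in place of `or`) so the reason for the expected failure stays with the file rather than in the commit history.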
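Review bot: The old scenario finished with `pam-auth-update --remove faillock faillock_notify --force`; the new one relies on deleting the cac_faillock* profiles plus a plain `DEBIAN_FRONTEND=noninteractive pam-auth-update` to make the pam_faillock lines disappear, and nothing verifies that they did. pam-auth-update may decline to rewrite a common-auth it regards as locally modified when `--force` is not given, and ubuntu_multiple_pam_unix.fail.sh in this same commit edits the managed block directly, so if scenarios share a host this "missing pamd" test could run against a pam.d that still contains pam_faillock and fail for the wrong reason. A one-line precondition after the rebuild, `grep -q 'pam_faillock.so' /etc/pam.d/common-auth && exit 1`, makes the intended state explicit; the same applies to ubuntu_commented_values.fail.sh and ubuntu_empty_faillock_conf.fail.sh. Whether the distribution's own faillock and faillock_notify profiles remain enabled after this change cannot be seen from the hunk.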
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_multiple_pam_unix.fail.sh
@@ -6,6 +6,5 @@
 # in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
 # in order to preserve intentional changes.
-source ubuntu_common.sh
-
-echo "auth sufficient pam_unix.so" >> /etc/pam.d/common-auth
+{{{ bash_enable_pam_faillock_directly_in_pam_files() }}}
+sed -i '/# end of pam-auth-update config/i\auth sufficient pam_unix.so' /etc/pam.d/common-auth
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_wrong_value.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_wrong_value.fail.sh
index d236f32cb8bc..6cec73427c08 100644
--- a/shared/templates/pam_account_password_faillock/tests/ubuntu_wrong_value.fail.sh
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_wrong_value.fail.sh
@@ -1,6 +1,5 @@
 #!/bin/bash
 # platform = multi_platform_ubuntu
-source ubuntu_common.sh
-
+{{{ bash_enable_pam_faillock_directly_in_pam_files() }}}
 echo "deny=999" > /etc/security/faillock.conf
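Review bot: The `sed -i '/# end of pam-auth-update config/i\auth sufficient pam_unix.so'` only inserts the duplicate pam_unix line if that marker is present in /etc/pam.d/common-auth; if `bash_enable_pam_faillock_directly_in_pam_files` writes the file without the pam-auth-update markers, or a later pam-auth-update run regenerates the managed block, the extra line never lands and this fail scenario silently turns into a correct configuration that the test then reports as a false negative. The previous version appended the line unconditionally, so it could not miss. Guard the precondition before the sed, `grep -q '# end of pam-auth-update config' /etc/pam.d/common-auth || exit 1`, or append the line after the managed block as before. What the macro writes and whether it invokes pam-auth-update is outside this hunk.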