From 0c318b6738140e799ab7f861383e4fe3cec72156 Mon Sep 17 00:00:00 2001
From: Craig Andrews
Date: Thu, 6 Jul 2023 16:26:15 -0400
Subject: [PATCH] ensure_pam_wheel_group_empty: depend on pam being installed

This rule, which checks pam configuration, only makes sense when pam is installed.
---
 .../root_logins/ensure_pam_wheel_group_empty/rule.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
index b2542be551f..a1d406340ff 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
@@ -27,6 +27,8 @@ references:
 cis@ubuntu2004: '5.6'
 cis@ubuntu2204: 5.3.7
+platform: package[pam]
+
 ocil_clause: 'group {{{ var_pam_wheel_group_for_su }}} exists and has no user members'
 ocil: |-
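Review bot: The added `platform: package[pam]` makes this rule report notapplicable whenever the package check does not match, and the only references visible in the hunk are Ubuntu CIS ones (`cis@ubuntu2004`, `cis@ubuntu2204`), where the PAM package is presumably not literally named `pam`. If that name is not mapped to the distribution's PAM package for those products, the control would silently drop out of scan results instead of failing, so the mapping is worth confirming, ideally with a scan against an Ubuntu target that has PAM installed. A short comment above the line would record the intent: `# Not applicable without PAM; the package name is resolved per product.` The rule file continues outside the hunk.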