I would like to parse PAM files, using the following two example lines, and look for the deny configuration:
auth required pam_faillock.so authsucc deny=4 even_deny_root unlock_time=1200
auth required pam_faillock.so authsucc even_deny_root unlock_time=1200
The pattern should match both lines:
Line 1: the match should return group1 "deny=4" and group2 "4"
Line 2: the match should return an empty group1 and an empty group2
(^auth\s+required\s+pam_faillock\.so).*?(?(1) (deny\=(\d+))|(.*))
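One way to get the behaviour described above, as an added example that is not part of the original post: instead of a conditional, the `deny=` capture sits inside an optional group, so both lines match and the groups are empty when the argument is absent. The names `match_deny`, `audit` and `SAMPLE` are hypothetical, and the sample text is constructed from the two lines in the question.

```python
import re

# The optional group scans lazily for " deny=N" after the module name.
# If no deny= argument exists, the group is skipped and the line still matches.
FAILLOCK_RE = re.compile(
    r"^auth\s+required\s+pam_faillock\.so\b(?:.*?\s(deny=(\d+))(?=\s|$))?"
)

def match_deny(line):
    """Return (group1, group2) for an 'auth required pam_faillock.so' line,
    with empty strings when deny= is absent; None if the line is unrelated."""
    m = FAILLOCK_RE.match(line.strip())
    if m is None:
        return None
    # Python reports an unmatched group as None; map it to "" as requested.
    return (m.group(1) or "", m.group(2) or "")

def audit(text):
    """Return [(line_number, deny_or_None)] for every matching line in text."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        res = match_deny(raw.split("#", 1)[0])  # ignore comments
        if res is not None:
            out.append((n, int(res[1]) if res[1] else None))
    return out

# Constructed sample: the two lines from the question plus lines that must
# not be reported (another module, and a commented-out entry).
SAMPLE = """\
# constructed sample
auth required pam_faillock.so authsucc deny=4 even_deny_root unlock_time=1200
auth required pam_faillock.so authsucc even_deny_root unlock_time=1200
auth required pam_unix.so nodeny=9
#auth required pam_faillock.so deny=1
"""

if __name__ == "__main__":
    for n, deny in audit(SAMPLE):
        print(n, "deny =", deny if deny is not None else "not set on this line")
```

A line without `deny=` is reported as "not set" rather than as a number, because the effective value then comes from outside that line.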