mirror of
https://dev.iopsys.eu/feed/iopsys.git
synced 2025-12-10 07:44:50 +01:00
Revert "linux-pam: add linux-pam suite in order to use pam_faillock"
This reverts commit 669a58dcd4ab0f338b7c6e19223da4a04b0e0490.
This commit is contained in:
Vivek Kumar Dutta
Husaam Mehdi
parent
c045ed62e1
commit
02b1dd3281
2 changed files with 0 additions and 78 deletions
|
|
@ -1,35 +0,0 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=linux_pam
|
||||
PKG_VERSION:=1.7.0
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE_PROTO:=git
|
||||
PKG_SOURCE_URL:=https://github.com/linux-pam/linux-pam.git
|
||||
PKG_SOURCE_VERSION:=HEAD
|
||||
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
|
||||
PKG_BUILD_DEPENDS:=libpam meson ninja pkgconf
|
||||
PKG_FIXUP:=meson
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
include $(INCLUDE_DIR)/meson.mk
|
||||
|
||||
define Package/linux_pam
|
||||
SECTION:=libs
|
||||
CATEGORY:=Libraries
|
||||
TITLE:=Linux PAM Module
|
||||
DEPENDS:=+libpam
|
||||
endef
|
||||
|
||||
MESON_ARGS += \
|
||||
-Dprefix=/usr \
|
||||
-Ddefault_library=shared
|
||||
|
||||
define Package/linux_pam/install
|
||||
$(INSTALL_DIR) $(1)/usr/lib/security
|
||||
$(INSTALL_DIR) $(1)/etc/uci-defaults/
|
||||
$(INSTALL_BIN) ./files/pam_faillock.uci_default $(1)/etc/uci-defaults/99-add_pam_faillock
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,linux_pam))
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
create_faillock_files()
|
||||
{
|
||||
# also create files needed by pam_faillock
|
||||
touch /var/log/faillock
|
||||
chmod 700 /var/log/faillock
|
||||
touch /var/log/btmp
|
||||
chmod 700 /var/log/btmp
|
||||
}
|
||||
|
||||
update_pam_common_auth()
|
||||
{
|
||||
local file="/etc/pam.d/common-auth"
|
||||
local deny=6
|
||||
local unlock_time=300
|
||||
|
||||
# update pam_unix.so line
|
||||
sed -i -E 's|^.*pam_unix\.so.*|auth\t sufficient\tpam_unix.so nullok_secure|' "$file"
|
||||
|
||||
# Insert pam_faillock lines before and after pam_unix.so
|
||||
sed -i -E "/pam_unix.so nullok_secure/i auth required pam_faillock.so preauth deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
|
||||
sed -i -E "/pam_unix.so nullok_secure/a auth [default=die] pam_faillock.so authfail audit deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
|
||||
}
|
||||
|
||||
update_pam_common_account()
|
||||
{
|
||||
# update account file
|
||||
sed -i "/pam_unix.so/ i account required pam_faillock.so" /etc/pam.d/common-account
|
||||
}
|
||||
|
||||
if [ -f "/usr/lib/security/pam_faillock.so" ]; then
|
||||
update_pam_common_auth
|
||||
update_pam_common_account
|
||||
create_faillock_files
|
||||
fi
|
||||
|
||||
if [ -f /etc/config/sshd ]; then
|
||||
uci -q set sshd.@sshd[0].UsePAM=1
|
||||
uci commit sshd
|
||||
fi
|
||||
|
||||
exit 0
|
||||
Loading…
Add table
Reference in a new issue