mirror/iopsys-feed
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/iopsys.git synced 2025-12-10 07:44:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
iopsys-feed/linux-pam/files/pam_faillock.uci_default
Vivek Kumar Dutta 2be4eeebb7
linux-pam: 1.7.0
2025-03-11 11:23:45 +05:30

43 lines
1.1 KiB
Bash
Raw Blame History

#!/bin/sh
create_faillock_files()
{
# also create files needed by pam_faillock
touch /var/log/faillock
chmod 700 /var/log/faillock
touch /var/log/btmp
chmod 700 /var/log/btmp
}
update_pam_common_auth()
{
local file="/etc/pam.d/common-auth"
local deny=6
local unlock_time=300
# update pam_unix.so line
sed -i -E 's|^.*pam_unix\.so.*|auth\t sufficient\tpam_unix.so nullok_secure|' "$file"
# Insert pam_faillock lines before and after pam_unix.so
sed -i -E "/pam_unix.so nullok_secure/i auth required pam_faillock.so preauth deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
sed -i -E "/pam_unix.so nullok_secure/a auth [default=die] pam_faillock.so authfail audit deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
}
update_pam_common_account()
{
# update account file
sed -i "/pam_unix.so/ i account required pam_faillock.so" /etc/pam.d/common-account
}
if [ -f "/usr/lib/security/pam_faillock.so" ]; then
update_pam_common_auth
update_pam_common_account
create_faillock_files
fi
if [ -f /etc/config/sshd ]; then
uci -q set sshd.@sshd[0].UsePAM=1
uci commit sshd
fi
exit 0
Reference in a new issue View git blame Copy permalink