mirror of
https://codeberg.org/privacy1st/arch
synced 2024-12-23 01:16:04 +01:00
45 lines
982 B
Plaintext
45 lines
982 B
Plaintext
|
#!/bin/sh
|
||
|
# stdin: default config
|
||
|
# stdout: modified config
|
||
|
set -e
|
||
|
|
||
|
# save stdin in variable
|
||
|
stdin="$(cat)"
|
||
|
|
||
|
# write stdin
|
||
|
echo "$stdin"
|
||
|
|
||
|
# - https://wiki.archlinux.org/title/Security#Lock_out_user_after_three_failed_login_attempts
|
||
|
|
||
|
# Make locks persistent over reboot.
|
||
|
#
|
||
|
# Assert
|
||
|
echo "$stdin" | grep --quiet '^# dir = /var/run/faillock$'
|
||
|
! echo "$stdin" | grep --quiet '^dir[[:space:]]*='
|
||
|
# Insert
|
||
|
echo 'dir = /var/lib/faillock'
|
||
|
|
||
|
# Lock account after 5 failed entries.
|
||
|
#
|
||
|
# Assert
|
||
|
echo "$stdin" | grep --quiet '^# deny = 3$'
|
||
|
! echo "$stdin" | grep --quiet '^deny[[:space:]]*='
|
||
|
# Insert
|
||
|
echo 'deny = 5'
|
||
|
|
||
|
# Also lock root
|
||
|
#
|
||
|
# Assert
|
||
|
echo "$stdin" | grep --quiet '^# even_deny_root$'
|
||
|
! echo "$stdin" | grep --quiet '^even_deny_root[[:space:]]*'
|
||
|
# Insert
|
||
|
echo 'even_deny_root'
|
||
|
|
||
|
# Different unlock time for root: 60s
|
||
|
#
|
||
|
# Assert
|
||
|
echo "$stdin" | grep --quiet '^root_unlock_time = 900$'
|
||
|
! echo "$stdin" | grep --quiet '^root_unlock_time[[:space:]]*='
|
||
|
# Insert
|
||
|
echo 'root_unlock_time = 60'
|