arch/pkg/de-p1st-pam/faillock.conf.holoscript

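#!/bin/sh
# Filter for faillock.conf.
# stdin:  default config
# stdout: modified config (the default config followed by our overrides)
#
# Every override is guarded by two assertions against the default config:
#   1. the commented-out default we expect to replace is present, and
#   2. the option is not already set by an active (uncommented) line.
# If an assertion fails the script exits non-zero and prints nothing to
# stdout, so a changed upstream default is noticed instead of being
# silently overridden or duplicated.
#
# - https://wiki.archlinux.org/title/Security#Lock_out_user_after_three_failed_login_attempts
set -e

# Save stdin so that it can be inspected first and emitted afterwards.
stdin="$(cat)"

# Print a diagnostic to stderr and abort.
die() {
  printf 'faillock.conf.holoscript: %s\n' "$*" >&2
  exit 1
}

# $1 - basic regular expression that must match a line of the default config.
assert_present() {
  printf '%s\n' "$stdin" | grep -q -e "$1" ||
    die "expected default not found: $1"
}

# $1 - basic regular expression that must NOT match any line of the default
#      config.
# Written as an explicit `if` because `set -e` ignores the status of a
# pipeline negated with `!`, so `! ... | grep` can never abort the script.
assert_absent() {
  if printf '%s\n' "$stdin" | grep -q -e "$1"; then
    die "option is already set: $1"
  fi
}

# --- Assert (all checks run before anything is written to stdout) ---

# dir
assert_present '^# dir = /var/run/faillock$'
assert_absent '^dir[[:space:]]*='

# deny
assert_present '^# deny = 3$'
assert_absent '^deny[[:space:]]*='

# even_deny_root
assert_present '^# even_deny_root$'
assert_absent '^even_deny_root[[:space:]]*'

# root_unlock_time
# The expected default is the commented-out line, like the other options;
# an active `root_unlock_time = 900` line would contradict the "not already
# set" assertion that follows it.
assert_present '^# root_unlock_time = 900$'
assert_absent '^root_unlock_time[[:space:]]*='

# --- Insert ---

# Write the default config unchanged. printf is used instead of echo, because
# echo in some /bin/sh implementations interprets backslashes in the data.
printf '%s\n' "$stdin"

# Make locks persistent over reboot.
echo 'dir = /var/lib/faillock'

# Lock account after 5 failed entries.
echo 'deny = 5'

# Also lock root.
# NOTE(review): with root included, repeated failed logins can keep root
# locked out; the short root_unlock_time below limits how long each lock lasts.
echo 'even_deny_root'

# Different unlock time for root: 60s
echo 'root_unlock_time = 60'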