mirror of
https://codeberg.org/privacy1st/arch
synced 2025-01-22 04:32:42 +01:00
update de-p1st-pam
parent
64154fb649
commit
4387a23410
@ -2,7 +2,7 @@
|
||||
_pkgname=pam
|
||||
_reponame=arch
|
||||
pkgname="de-p1st-$_pkgname"
|
||||
pkgver=0.0.3
|
||||
pkgver=0.0.4
|
||||
pkgrel=1
|
||||
pkgdesc="PAM configuration"
|
||||
arch=('any')
|
||||
@ -18,5 +18,6 @@ sha256sums=('SKIP')
|
||||
package() {
|
||||
cd "${_reponame}/pkg/${pkgname}"
|
||||
|
||||
install -Dm0544 system-login.holoscript "$pkgdir"/usr/share/holo/files/20-"$pkgname"/etc/pam.d/system-login.holoscript
|
||||
install -Dm0544 system-login.holoscript "$pkgdir"/usr/share/holo/files/20-"$pkgname"/etc/pam.d/system-login.holoscript
|
||||
install -Dm0544 faillock.conf.holoscript "$pkgdir"/usr/share/holo/files/20-"$pkgname"/etc/security/faillock.conf.holoscript
|
||||
}
|
||||
|
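--- /dev/null
+++ b/pkg/de-p1st-pam/faillock.conf.holoscript
@@ -0,0 +1,44 @@
+#!/bin/sh
+# stdin: default config
+# stdout: modified config
+set -e
+
+# save stdin in variable
+stdin="$(cat)"
+
+# write stdin
+echo "$stdin"
+
+# - https://wiki.archlinux.org/title/Security#Lock_out_user_after_three_failed_login_attempts
+
+# Make locks persistent over reboot.
+#
+# Assert
+echo "$stdin" | grep --quiet '^# dir = /var/run/faillock$'
+! echo "$stdin" | grep --quiet '^dir[[:space:]]*='
+# Insert
+echo 'dir = /var/lib/faillock'
+
+# Lock account after 5 failed entries.
+#
+# Assert
+echo "$stdin" | grep --quiet '^# deny = 3$'
+! echo "$stdin" | grep --quiet '^deny[[:space:]]*='
+# Insert
+echo 'deny = 5'
+
+# Also lock root
+#
+# Assert
+echo "$stdin" | grep --quiet '^# even_deny_root$'
+! echo "$stdin" | grep --quiet '^even_deny_root[[:space:]]*'
+# Insert
+echo 'even_deny_root'
+
+# Different unlock time for root: 60s
+#
+# Assert
+echo "$stdin" | grep --quiet '^root_unlock_time = 900$'
+! echo "$stdin" | grep --quiet '^root_unlock_time[[:space:]]*='
+# Insert
+echo 'root_unlock_time = 60'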
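Review bot: The negated assertions (`! echo "$stdin" | grep --quiet '^dir[[:space:]]*='` and the matching ones for `deny`, `even_deny_root` and `root_unlock_time`) can never abort the script, because `set -e` ignores the exit status of a pipeline prefixed with `!`. An already-active setting in the incoming config would therefore pass unnoticed, and the script would append a second, possibly conflicting line to the lockout policy. Writing each one as `if echo "$stdin" | grep --quiet '^dir[[:space:]]*='; then exit 1; fi` makes the check effective. Separately, the positive check for `root_unlock_time` expects an uncommented `root_unlock_time = 900`, unlike the other three which expect a `# `-prefixed default, and it contradicts the negated check on the next line; it probably should read `'^# root_unlock_time = 900$'`.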
@ -8,23 +8,23 @@ stdin="$(cat)"
|
||||
|
||||
# assertions
|
||||
echo "=== assert UsePAM ===" 1>&2
|
||||
echo "$stdin" | grep --quiet '^UsePAM yes$'
|
||||
echo "$stdin" | grep --quiet '^UsePAM[[:space:]]+yes$'
|
||||
#
|
||||
echo "=== assert PermitRootLogin ===" 1>&2
|
||||
echo "$stdin" | grep --quiet '^#PermitRootLogin\s.*$'
|
||||
! echo "$stdin" | grep --quiet '^PermitRootLogin\s.*$'
|
||||
echo "$stdin" | grep --quiet '^#PermitRootLogin[[:space:]]*'
|
||||
! echo "$stdin" | grep --quiet '^PermitRootLogin[[:space:]]+'
|
||||
echo "=== assert PubkeyAuthentication ===" 1>&2
|
||||
echo "$stdin" | grep --quiet '^#PubkeyAuthentication\s.*$'
|
||||
! echo "$stdin" | grep --quiet '^PubkeyAuthentication\s.*$'
|
||||
echo "$stdin" | grep --quiet '^#PubkeyAuthentication[[:space:]]*'
|
||||
! echo "$stdin" | grep --quiet '^PubkeyAuthentication\[[:space:]]+'
|
||||
echo "=== assert PasswordAuthentication ===" 1>&2
|
||||
echo "$stdin" | grep --quiet '^#PasswordAuthentication\s.*$'
|
||||
! echo "$stdin" | grep --quiet '^PasswordAuthentication\s.*$'
|
||||
echo "$stdin" | grep --quiet '^#PasswordAuthentication[[:space:]]*'
|
||||
! echo "$stdin" | grep --quiet '^PasswordAuthentication[[:space:]]+'
|
||||
echo "=== assert PermitEmptyPasswords ===" 1>&2
|
||||
echo "$stdin" | grep --quiet '^#PermitEmptyPasswords\s.*$'
|
||||
! echo "$stdin" | grep --quiet '^PermitEmptyPasswords\s.*$'
|
||||
echo "$stdin" | grep --quiet '^#PermitEmptyPasswords[[:space:]]*'
|
||||
! echo "$stdin" | grep --quiet '^PermitEmptyPasswords[[:space:]]+'
|
||||
echo "=== assert X11Forwarding ===" 1>&2
|
||||
echo "$stdin" | grep --quiet '^#X11Forwarding\s.*$'
|
||||
! echo "$stdin" | grep --quiet '^X11Forwarding\s.*$'
|
||||
echo "$stdin" | grep --quiet '^#X11Forwarding[[:space:]]*'
|
||||
! echo "$stdin" | grep --quiet '^X11Forwarding[[:space:]]+'
|
||||
|
||||
echo "=== sed ===" 1>&2
|
||||
echo "$stdin" | sed '
|
||||
|
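Review bot: The rewritten patterns use `+` but are passed to plain `grep`, where `+` in a basic regular expression is a literal character, so `'^UsePAM[[:space:]]+yes$'` cannot match `UsePAM yes` and the `'^PermitRootLogin[[:space:]]+'` style checks cannot match an active directive. Use `grep -E --quiet` for these lines or spell the repetition as `[[:space:]][[:space:]]*`. The PubkeyAuthentication check also carries a stray backslash, `'^PubkeyAuthentication\[[:space:]]+'`, which asks for a literal `[` and should be `'^PubkeyAuthentication[[:space:]]+'`. If this script runs under `set -e` (not visible in the hunk), the `!`-prefixed checks are exempt from it and never stop the script; `if echo "$stdin" | grep -E --quiet '^PermitRootLogin[[:space:]]+'; then exit 1; fi` would enforce them. The script continues past the hunk at the `sed` call.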