mirror of
https://codeberg.org/privacy1st/arch
synced 2024-12-23 01:16:04 +01:00
update de-p1st-pam
parent
64154fb649
commit
4387a23410
@ -2,7 +2,7 @@
|
|||||||
_pkgname=pam
|
_pkgname=pam
|
||||||
_reponame=arch
|
_reponame=arch
|
||||||
pkgname="de-p1st-$_pkgname"
|
pkgname="de-p1st-$_pkgname"
|
||||||
pkgver=0.0.3
|
pkgver=0.0.4
|
||||||
pkgrel=1
|
pkgrel=1
|
||||||
pkgdesc="PAM configuration"
|
pkgdesc="PAM configuration"
|
||||||
arch=('any')
|
arch=('any')
|
||||||
@ -19,4 +19,5 @@ package() {
|
|||||||
cd "${_reponame}/pkg/${pkgname}"
|
cd "${_reponame}/pkg/${pkgname}"
|
||||||
|
|
||||||
install -Dm0544 system-login.holoscript "$pkgdir"/usr/share/holo/files/20-"$pkgname"/etc/pam.d/system-login.holoscript
|
install -Dm0544 system-login.holoscript "$pkgdir"/usr/share/holo/files/20-"$pkgname"/etc/pam.d/system-login.holoscript
|
||||||
|
install -Dm0544 faillock.conf.holoscript "$pkgdir"/usr/share/holo/files/20-"$pkgname"/etc/security/faillock.conf.holoscript
|
||||||
}
|
}
|
||||||
|
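--- a/pkg/de-p1st-pam/faillock.conf.holoscript
+++ b/pkg/de-p1st-pam/faillock.conf.holoscript
@@ -0,0 +1,44 @@
+#!/bin/sh
+# stdin: default config
+# stdout: modified config
+set -e
+
+# save stdin in variable
+stdin="$(cat)"
+
+# write stdin
+echo "$stdin"
+
+# - https://wiki.archlinux.org/title/Security#Lock_out_user_after_three_failed_login_attempts
+
+# Make locks persistent over reboot.
+#
+# Assert
+echo "$stdin" | grep --quiet '^# dir = /var/run/faillock$'
+! echo "$stdin" | grep --quiet '^dir[[:space:]]*='
+# Insert
+echo 'dir = /var/lib/faillock'
+
+# Lock account after 5 failed entries.
+#
+# Assert
+echo "$stdin" | grep --quiet '^# deny = 3$'
+! echo "$stdin" | grep --quiet '^deny[[:space:]]*='
+# Insert
+echo 'deny = 5'
+
+# Also lock root
+#
+# Assert
+echo "$stdin" | grep --quiet '^# even_deny_root$'
+! echo "$stdin" | grep --quiet '^even_deny_root[[:space:]]*'
+# Insert
+echo 'even_deny_root'
+
+# Different unlock time for root: 60s
+#
+# Assert
+echo "$stdin" | grep --quiet '^root_unlock_time = 900$'
+! echo "$stdin" | grep --quiet '^root_unlock_time[[:space:]]*='
+# Insert
+echo 'root_unlock_time = 60'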
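Review bot: The negated checks (`! echo "$stdin" | grep --quiet '^dir[[:space:]]*='` and the three like it) cannot abort the script, because `set -e` ignores the status of a pipeline inverted with `!`; if the packaged faillock.conf ever ships an active `dir`, `deny`, `even_deny_root` or `root_unlock_time` line, the script still appends its own setting and exits 0. Writing each guard as `if echo "$stdin" | grep --quiet '^deny[[:space:]]*='; then exit 1; fi` makes it enforce what the "Assert" comment promises. The same applies to the `!` lines in the sshd assertion hunk further down the page. Separately, the positive check `'^root_unlock_time = 900$'` lacks the `# ` prefix the other three expect and contradicts the negated check right after it, so it looks like it should read `'^# root_unlock_time = 900$'`; confirm against the shipped default.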
@ -8,23 +8,23 @@ stdin="$(cat)"
|
|||||||
|
|
||||||
# assertions
|
# assertions
|
||||||
echo "=== assert UsePAM ===" 1>&2
|
echo "=== assert UsePAM ===" 1>&2
|
||||||
echo "$stdin" | grep --quiet '^UsePAM yes$'
|
echo "$stdin" | grep --quiet '^UsePAM[[:space:]]+yes$'
|
||||||
#
|
#
|
||||||
echo "=== assert PermitRootLogin ===" 1>&2
|
echo "=== assert PermitRootLogin ===" 1>&2
|
||||||
echo "$stdin" | grep --quiet '^#PermitRootLogin\s.*$'
|
echo "$stdin" | grep --quiet '^#PermitRootLogin[[:space:]]*'
|
||||||
! echo "$stdin" | grep --quiet '^PermitRootLogin\s.*$'
|
! echo "$stdin" | grep --quiet '^PermitRootLogin[[:space:]]+'
|
||||||
echo "=== assert PubkeyAuthentication ===" 1>&2
|
echo "=== assert PubkeyAuthentication ===" 1>&2
|
||||||
echo "$stdin" | grep --quiet '^#PubkeyAuthentication\s.*$'
|
echo "$stdin" | grep --quiet '^#PubkeyAuthentication[[:space:]]*'
|
||||||
! echo "$stdin" | grep --quiet '^PubkeyAuthentication\s.*$'
|
! echo "$stdin" | grep --quiet '^PubkeyAuthentication\[[:space:]]+'
|
||||||
echo "=== assert PasswordAuthentication ===" 1>&2
|
echo "=== assert PasswordAuthentication ===" 1>&2
|
||||||
echo "$stdin" | grep --quiet '^#PasswordAuthentication\s.*$'
|
echo "$stdin" | grep --quiet '^#PasswordAuthentication[[:space:]]*'
|
||||||
! echo "$stdin" | grep --quiet '^PasswordAuthentication\s.*$'
|
! echo "$stdin" | grep --quiet '^PasswordAuthentication[[:space:]]+'
|
||||||
echo "=== assert PermitEmptyPasswords ===" 1>&2
|
echo "=== assert PermitEmptyPasswords ===" 1>&2
|
||||||
echo "$stdin" | grep --quiet '^#PermitEmptyPasswords\s.*$'
|
echo "$stdin" | grep --quiet '^#PermitEmptyPasswords[[:space:]]*'
|
||||||
! echo "$stdin" | grep --quiet '^PermitEmptyPasswords\s.*$'
|
! echo "$stdin" | grep --quiet '^PermitEmptyPasswords[[:space:]]+'
|
||||||
echo "=== assert X11Forwarding ===" 1>&2
|
echo "=== assert X11Forwarding ===" 1>&2
|
||||||
echo "$stdin" | grep --quiet '^#X11Forwarding\s.*$'
|
echo "$stdin" | grep --quiet '^#X11Forwarding[[:space:]]*'
|
||||||
! echo "$stdin" | grep --quiet '^X11Forwarding\s.*$'
|
! echo "$stdin" | grep --quiet '^X11Forwarding[[:space:]]+'
|
||||||
|
|
||||||
echo "=== sed ===" 1>&2
|
echo "=== sed ===" 1>&2
|
||||||
echo "$stdin" | sed '
|
echo "$stdin" | sed '
|
||||||
|
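Review bot: The new patterns use `[[:space:]]+`, but these greps run without `-E`, and in a basic regular expression `+` is a literal plus sign; `'^UsePAM[[:space:]]+yes$'` then no longer matches `UsePAM yes`, and the negated checks can only match a line that contains a literal `+` after the whitespace. The PubkeyAuthentication line also carries a stray backslash, `'^PubkeyAuthentication\[[:space:]]+'`, so the pattern no longer contains a valid `[[:space:]]` class. Either add `-E` to these greps or spell the repetition out and drop the backslash, e.g. `grep --quiet '^PubkeyAuthentication[[:space:]][[:space:]]*'`. The file name for this section is not shown on the page, and the sed program opened on the last line continues outside the hunk.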