2022-11-22 05:57:30 -05:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
## Copyright (C) 2022 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
|
|
|
## See the file COPYING for copying conditions.
|
|
|
|
|
2022-11-24 06:24:14 -05:00
|
|
|
true "$0: START PHASE 1"
|
|
|
|
|
|
|
|
if test -f /etc/pam-info-debug || test -f /usr/local/etc/pam-info-debug ; then
|
|
|
|
set -x
|
|
|
|
exec 5>&1 1>> ~/pam-info-debug.txt
|
|
|
|
exec 6>&2 2>> ~/pam-info-debug.txt
|
|
|
|
fi
|
|
|
|
|
|
|
|
true "$0: START PHASE 2"
|
|
|
|
|
2022-11-22 05:57:30 -05:00
|
|
|
if ! command -v "/usr/sbin/faillock" &>/dev/null; then
|
|
|
|
true "$0: ERROR: The faillock program is unavailable, exiting."
|
|
|
|
exit 2
|
|
|
|
fi
|
|
|
|
|
|
|
|
who_ami="$(whoami)"
|
|
|
|
|
2022-11-24 06:14:04 -05:00
|
|
|
if [ "$SUDO_USER" = "" ]; then
|
|
|
|
user_to_check="$who_ami"
|
|
|
|
else
|
|
|
|
user_to_check="$SUDO_USER"
|
|
|
|
fi
|
|
|
|
|
2022-11-22 05:57:30 -05:00
|
|
|
if [ "$(id -u)" = "0" ]; then
|
|
|
|
faillock_program="/usr/sbin/faillock"
|
|
|
|
else
|
|
|
|
## as user "user"
|
|
|
|
## /usr/sbin/faillock -u user
|
|
|
|
## faillock: Error opening /var/log/tallylog for update: Permission denied
|
|
|
|
## /usr/sbin/faillock: Authentication error
|
|
|
|
##
|
|
|
|
## xscreensaver runs as user "user", therefore pam_faillock cannot function.
|
|
|
|
## xscreensaver has its own failed login counter.
|
|
|
|
##
|
|
|
|
## https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
|
|
|
|
##
|
|
|
|
## https://www.whonix.org/pipermail/whonix-devel/2019-September/001439.html
|
|
|
|
#true "$0: not started as root, exiting."
|
|
|
|
#exit 0
|
|
|
|
|
|
|
|
faillock_program="sudo --non-interactive /usr/sbin/faillock"
|
|
|
|
fi
|
|
|
|
|
2022-11-24 06:14:04 -05:00
|
|
|
$faillock_program --user "$user_to_check"
|
2022-11-22 05:57:30 -05:00
|
|
|
|
|
|
|
exit $?
|