Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-02 19:24:51 -04:00
Code Issues Projects Releases Packages Wiki Activity

renamed: usr/libexec/security-misc/pam_tally2-info -> usr/libexec/security-misc/pam-info

Browse source 
renamed:    usr/libexec/security-misc/pam_tally2_not_if_x -> usr/libexec/security-misc/pam_faillock_not_if_x
renamed:    usr/share/pam-configs/tally2-security-misc -> usr/share/pam-configs/faillock-security-misc
This commit is contained in:
Patrick Schleizer 2021-08-10 15:06:04 -04:00
parent 6376bbff80
commit 2aea74bd71
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
3 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

42
usr/libexec/security-misc/pam_faillock_not_if_x Executable file
View file

@ -0,0 +1,42 @@
#!/bin/bash
## Copyright (C) 2019 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## https://serverfault.com/questions/134471/success-n-control-syntax-in-pam-conf-pam-d-files
set -x
true "PAM_SERVICE: $PAM_SERVICE"
## PAM configuration notes
##
## success=$num
## "will specify how many rules to skip when successful."
## https://serverfault.com/questions/134471/success-n-control-syntax-in-pam-conf-pam-d-files
##
## ignore
## "when used with a stack of modules, the module's return status will not contribute to the return code the application obtains."
## http://www.linux-pam.org/Linux-PAM-html/sag-configuration-file.html
## - Failed dovecot logins should not result in account getting locked.
## - Failed SSH public key authentication attempts do not increase pam_tally2
## counter for some reason.
## This list can later be extended as needed.
pam_service_exclusion_list="dovecot"
for pam_service_exclusion_item in $pam_service_exclusion_list ; do
if [ "$PAM_SERVICE" = "$pam_service_exclusion_item" ]; then
## exit success so [success=1 default=ignore] will result in skipping the
## next PAM module (the pam_tally2 module).
exit 0
fi
done
## exit failure so [success=1 default=ignore] will result in running the
## next PAM module (the pam_tally2 module).
##
## Causes confusing error message:
## pam_exec(sudo:auth): /usr/libexec/security-misc/pam_tally2_not_if_x failed: exit code 1
## https://github.com/linux-pam/linux-pam/issues/329
exit 1