Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-04 16:45:21 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Patrick Schleizer 2022-11-24 06:49:15 -05:00
parent 73963a9e68
commit 39b35ef9ac
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
2 changed files with 16 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
usr/bin/faillock-user
View File

@ -30,26 +30,8 @@ else
user_to_check="$SUDO_USER" user_to_check="$SUDO_USER"
fi fi
if [ "$(id -u)" = "0" ]; then faillock --user "$user_to_check"
faillock_program="/usr/sbin/faillock"
else
## as user "user"
## /usr/sbin/faillock -u user
## faillock: Error opening /var/log/tallylog for update: Permission denied
## /usr/sbin/faillock: Authentication error
##
## xscreensaver runs as user "user", therefore pam_faillock cannot function.
## xscreensaver has its own failed login counter.
##
## https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
##
## https://www.whonix.org/pipermail/whonix-devel/2019-September/001439.html
#true "$0: not started as root, exiting."
#exit 0
faillock_program="sudo --non-interactive /usr/sbin/faillock"
fi
$faillock_program --user "$user_to_check"
## Debugging.
## Explicit "exit $?" to have it recorded in the xtrace if enabled.
exit $? exit $?

14
usr/libexec/security-misc/pam-info
View File

@ -91,9 +91,21 @@ fi
# fi # fi
# fi # fi
## as user "user"
## /usr/sbin/faillock -u user
## faillock: Error opening /var/log/tallylog for update: Permission denied
## /usr/sbin/faillock: Authentication error
##
## xscreensaver runs as user "user", therefore pam_faillock cannot function.
## xscreensaver has its own failed login counter.
##
## https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
##
## https://www.whonix.org/pipermail/whonix-devel/2019-September/001439.html
##
## Checking exit code to avoid breaking when read-only disk boot but ## Checking exit code to avoid breaking when read-only disk boot but
## without ro-mode-init or grub-live being used. ## without ro-mode-init or grub-live being used.
if ! pam_faillock_output="$(/usr/bin/faillock-user)" ; then if ! pam_faillock_output="$(sudo --non-interactive /usr/bin/faillock-user)" ; then
true "$0: /usr/bin/faillock-user non-zero exit code." true "$0: /usr/bin/faillock-user non-zero exit code."
exit 0 exit 0
fi fi