From 404f597c0aaddeef3c8c555d2d7f5a9993f9e512 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed, 31 Jul 2019 07:29:42 +0000
Subject: [PATCH] description

---
 debian/control                | 5 +++++
 debian/security-misc.postinst | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/debian/control b/debian/control
index b72ce15..5ff0bba 100644
--- a/debian/control
+++ b/debian/control
@@ -109,6 +109,11 @@ Description: enhances misc security settings
  from using su to gain root access or switch user accounts.
  /usr/share/pam-configs/security-misc
  (Which results in a change in /etc/pam.d/common-auth.)
+ .
+ * Add user `root` to group `sudo`.
+ .
+ * Lock user accounts after 5 failed login attempts using pam_tally2.
+ /usr/share/pam-configs/security-misc
  .
   * Logging into the root account from a virtual, serial, whatnot console is
  prevented by shipping an existing and empty /etc/securetty.
diff --git a/debian/security-misc.postinst b/debian/security-misc.postinst
index 1bbae43..194929f 100644
--- a/debian/security-misc.postinst
+++ b/debian/security-misc.postinst
@@ -55,6 +55,8 @@ case "$1" in
     ;;
 esac
 
+addgroup root sudo
+
 pam-auth-update --package
 
 home_folder_access_rights_lockdown