Patrick Schleizer 2022-11-24 07:20:56 -05:00
parent ad1e722879
commit 421f03ae9e
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48


@ -52,17 +52,18 @@ if [ ! "$grep_result" = "" ]; then
fi fi
if [ ! "$console_allowed" = "true" ]; then if [ ! "$console_allowed" = "true" ]; then
echo "$0: ERROR: PAM_USER: '$PAM_USER' is not a member of group 'console'" >&2 echo "\
echo "$0: To unlock, run the following command as superuser:" >&2 $0: ERROR: PAM_USER: '$PAM_USER' is not a member of group 'console'
echo "$0: (If you still have a sudo/root shell somewhere.)" >&2 To unlock, run the following command as superuser:
echo "" >&2 (If you still have a sudo/root shell somewhere.)
echo "adduser $PAM_USER console" >&2
echo "" >&2 adduser $PAM_USER console
echo "$0: However, possibly unlock procedure is required." >&2
echo "$0: First boot into recovery mode at grub boot menu and then run above command." >&2 However, possibly unlock procedure is required.
echo "$0: See also:" >&2 First boot into recovery mode at grub boot menu and then run above command.
echo "https://www.kicksecure.com/wiki/root#console" >&2 See also:
echo "" >&2 https://www.kicksecure.com/wiki/root#console
" >&2
exit 0 exit 0
fi fi
fi fi
@ -76,11 +77,12 @@ fi
# if [ -f /etc/securetty ]; then # if [ -f /etc/securetty ]; then
# grep_result="$(grep "^[^#]" /etc/securetty)" # grep_result="$(grep "^[^#]" /etc/securetty)"
# if [ "$grep_result" = "" ]; then # if [ "$grep_result" = "" ]; then
# echo "$0: ERROR: Root login is disabled." >&2 # echo "\
# echo "$0: ERROR: This is because /etc/securetty is empty." >&2 # $0: ERROR: Root login is disabled.
# echo "$0: See also:" >&2 # ERROR: This is because /etc/securetty is empty.
# echo "https://www.kicksecure.com/wiki/root#login" >&2 # See also:
# echo "" >&2 # https://www.kicksecure.com/wiki/root#login
# " >&2
# exit 0 # exit 0
# fi # fi
# fi # fi
@ -164,37 +166,41 @@ if test -f /etc/security/faillock.conf ; then
fi fi
if [[ "$deny" == *[!0-9]* ]]; then if [[ "$deny" == *[!0-9]* ]]; then
echo "$0: ERROR: deny is not numeric. deny: '$deny'" >&2 echo "\
echo "$0: ERROR: Please report this bug." >&2 $0: ERROR: deny is not numeric. deny: '$deny'
echo "" >&2 ERROR: Please report this bug.
" >&2
exit 0 exit 0
fi fi
remaining_attempts="$(( $deny - $failed_login_counter ))" remaining_attempts="$(( $deny - $failed_login_counter ))"
if [ "$remaining_attempts" -le "0" ]; then if [ "$remaining_attempts" -le "0" ]; then
echo "$0: ERROR: Login blocked after $failed_login_counter attempts." >&2 echo "\
echo "$0: To unlock, run the following command as superuser:" >&2 $0: ERROR: Login blocked after $failed_login_counter attempts.
echo "$0: (If you still have a sudo/root shell somewhere.)" >&2 To unlock, run the following command as superuser:
echo "" >&2 (If you still have a sudo/root shell somewhere.)
echo "faillock --reset --user $PAM_USER" >&2
echo "" >&2 faillock --reset --user $PAM_USER
echo "$0: However, most likely unlock procedure is required." >&2
echo "$0: First boot into recovery mode at grub boot menu and then run above command." >&2 However, most likely unlock procedure is required.
echo "$0: See also:" >&2 First boot into recovery mode at grub boot menu and then run above command.
echo "https://www.kicksecure.com/wiki/root#unlock" >&2 See also:
echo "" >&2 https://www.kicksecure.com/wiki/root#unlock
" >&2
exit 0 exit 0
fi fi
echo "$0: WARNING: $failed_login_counter failed login attempts for user_name '$user_name'." >&2 echo "\
echo "$0: Login will be blocked after $deny attempts." >&2 $0: WARNING: $failed_login_counter failed login attempts for user_name '$user_name'.
echo "$0: You have $remaining_attempts more attempts before unlock procedure is required." >&2 Login will be blocked after $deny attempts.
echo "" >&2 You have $remaining_attempts more attempts before unlock procedure is required.
" >&2
if [ "$PAM_SERVICE" = "su" ]; then if [ "$PAM_SERVICE" = "su" ]; then
echo "$0: NOTE: Type the password. When entering the password, no password feedback (no asterisk (\"*\") symbol) will be shown." >&2 echo "\
echo "" >&2 $0: NOTE: Type the password. When entering the password, no password feedback (no asterisk (\"*\") symbol) will be shown.
" >&2
fi fi
true "$0: END" true "$0: END"
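Review bot: The unlock hints `adduser $PAM_USER console` and `faillock --reset --user $PAM_USER` print a command line that the administrator is told to run as superuser, and `$PAM_USER` is expanded into it exactly as it arrives in the PAM environment. Nothing visible in these hunks restricts that value, so whitespace, shell metacharacters or terminal control bytes in the name would land in text meant to be pasted into a root shell. If the name is not validated earlier in the file, quote it before printing, e.g. `quoted_user="$(printf '%q' "$PAM_USER")"` and then `faillock --reset --user $quoted_user`. Separately, the multi-line `echo` now carries the `$0:` prefix only on the first line of each message, so anything matching on that prefix in logs will miss the continuation lines; a one-line comment above the first block stating that this is intentional would help. The enclosing `if` blocks start outside the visible hunks.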