pam-info refactoring

usr/libexec/security-misc/pam-info

@@ -19,6 +19,11 @@ fi
 
 true "$0: START PHASE 2"
 
+set -o pipefail
+
+## Debugging.
+who_ami="$(whoami)"
+
 grep_result="$(grep "accessfile=/etc/security/access-security-misc.conf" /etc/pam.d/common-account 2>/dev/null)"
 
 ## Check if grep matched something.
@@ -104,12 +109,16 @@ fi
 ## 2021-08-10 16:26:33 RHOST                                                      V
 ## 2021-08-10 16:26:54 RHOST                                                      V
 
-pam_faillock_output_first_line="$(echo "$pam_faillock_output" | head -1)"
+## Get first line.
+#pam_faillock_output_first_line="$(echo "$pam_faillock_output" | head --lines=1)"
+echo "$pam_faillock_output" | read -t 10 -r pam_faillock_output_first_line || true
+
+## example pam_faillock_output_first_line:
+## user:
+
 user_name="$(echo "$pam_faillock_output_first_line" | LANG=C str_replace ":" "")"
-
-pam_faillock_output_count="$(echo "$pam_faillock_output" | wc -l)"
-
-failed_login_counter=$(( pam_faillock_output_count - 2 ))
+## example user_name:
+## user
 
 if [ ! "$PAM_USER" = "$user_name" ]; then
    echo "$0: ERROR: PAM_USER: '$PAM_USER' does not equal user_name: '$user_name'." >&2
@@ -118,12 +127,25 @@ if [ ! "$PAM_USER" = "$user_name" ]; then
    exit 0
 fi
 
+pam_faillock_output_count="$(echo "$pam_faillock_output" | wc -l)"
+## example pam_faillock_output_count:
+## 2
+## example pam_faillock_output_count:
+## 4
+
+## Do not count the first two informational textual output lines
+## (starting with "user:" and "When").
+failed_login_counter=$(( pam_faillock_output_count - 2 ))
+
+## example failed_login_counter:
+## 2
+
 if [ "$failed_login_counter" = "0" ]; then
    true "$0: INFO: Failed login counter is 0, ok."
    exit 0
 fi
 
-## pam_faillock default
+## pam_faillock default if it cannot be determined below.
 deny=3
 
 if test -f /etc/security/faillock.conf ; then