mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-06-14 10:29:18 -04:00
printf
This commit is contained in:
Patrick Schleizer
parent
7f2ba0980d
commit
d8feca1276
1 changed files with 13 additions and 13 deletions
|
|
@ -42,7 +42,7 @@ if [ ! "$grep_result" = "" ]; then
|
|||
## Yes, grep matched.
|
||||
|
||||
## Check if not out commented.
|
||||
if ! echo "$grep_result" | grep --quiet -- "#" ; then
|
||||
if ! printf '%s\n' "$grep_result" | grep --quiet -- "#" ; then
|
||||
## Not out commented indeed.
|
||||
|
||||
## https://forums.whonix.org/t/etc-security-hardening-console-lockdown/8592
|
||||
|
|
@ -55,7 +55,7 @@ if [ ! "$grep_result" = "" ]; then
|
|||
fi
|
||||
|
||||
if [ ! "$console_allowed" = "true" ]; then
|
||||
echo "\
|
||||
printf '%s\n' "\
|
||||
$0: ERROR: PAM_USER: '$PAM_USER' is not a member of group 'console'
|
||||
To unlock, run the following command as superuser:
|
||||
(If you still have a sudo/root shell somewhere.)
|
||||
|
|
@ -76,7 +76,7 @@ if [ "$PAM_USER" = 'sysmaint' ]; then
|
|||
sysmaint_passwd_info="$(passwd --status sysmaint 2>/dev/null)" || true
|
||||
sysmaint_lock_info="$(cut -d' ' -f2 <<< "${sysmaint_passwd_info}")"
|
||||
if [ "${sysmaint_lock_info}" = 'L' ]; then
|
||||
echo "$0: ERROR: Reboot and choose 'PERSISTENT Mode - SYSMAINT Session' for system maintenance. See https://www.kicksecure.com/wiki/Sysmaint"
|
||||
printf '%s\n' "$0: ERROR: Reboot and choose 'PERSISTENT Mode - SYSMAINT Session' for system maintenance. See https://www.kicksecure.com/wiki/Sysmaint"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
|
@ -84,7 +84,7 @@ kernel_cmdline="$(cat /proc/cmdline)"
|
|||
|
||||
if [ "$PAM_USER" != 'sysmaint' ] \
|
||||
&& [[ "${kernel_cmdline}" =~ 'boot-role=sysmaint' ]]; then
|
||||
echo "$0: WARNING: Use account 'sysmaint' for system maintenance. See https://www.kicksecure.com/wiki/Sysmaint"
|
||||
printf '%s\n' "$0: WARNING: Use account 'sysmaint' for system maintenance. See https://www.kicksecure.com/wiki/Sysmaint"
|
||||
fi
|
||||
|
||||
## https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698
|
||||
|
|
@ -95,7 +95,7 @@ fi
|
|||
# if [ -f /etc/securetty ]; then
|
||||
# grep_result="$(grep "^[^#]" /etc/securetty)"
|
||||
# if [ "$grep_result" = "" ]; then
|
||||
# echo "\
|
||||
# printf '%s\n' "\
|
||||
# $0: ERROR: Root login is disabled.
|
||||
# ERROR: This is because /etc/securetty is empty.
|
||||
# See also:
|
||||
|
|
@ -143,7 +143,7 @@ fi
|
|||
## Usage: faillock [--dir /path/to/tally-directory] [--user username] [--reset]
|
||||
|
||||
## Get first line.
|
||||
#pam_faillock_output_first_line="$(echo "$pam_faillock_output" | head --lines=1)"
|
||||
#pam_faillock_output_first_line="$(printf '%s\n' "$pam_faillock_output" | head --lines=1)"
|
||||
while read -t 10 -r pam_faillock_output_first_line ; do
|
||||
break
|
||||
done <<< "$pam_faillock_output"
|
||||
|
|
@ -152,12 +152,12 @@ true "pam_faillock_output_first_line: '$pam_faillock_output_first_line'"
|
|||
## example pam_faillock_output_first_line:
|
||||
## user:
|
||||
|
||||
user_name="$(echo "$pam_faillock_output_first_line" | str_replace ":" "")"
|
||||
user_name="$(printf '%s\n' "$pam_faillock_output_first_line" | str_replace ":" "")"
|
||||
## example user_name:
|
||||
## user
|
||||
## root
|
||||
|
||||
pam_faillock_output_count="$(echo "$pam_faillock_output" | wc -l)"
|
||||
pam_faillock_output_count="$(printf '%s\n' "$pam_faillock_output" | wc -l)"
|
||||
## example pam_faillock_output_count:
|
||||
## 2
|
||||
## example pam_faillock_output_count:
|
||||
|
|
@ -186,13 +186,13 @@ deny=3
|
|||
|
||||
if test -f /etc/security/faillock.conf ; then
|
||||
deny_line=$(grep --invert-match "#" -- /etc/security/faillock.conf | grep -- "deny =")
|
||||
deny="$(echo "$deny_line" | str_replace "=" "" | str_replace "deny" "" | str_replace " " "")"
|
||||
deny="$(printf '%s\n' "$deny_line" | str_replace "=" "" | str_replace "deny" "" | str_replace " " "")"
|
||||
## Example:
|
||||
#deny=50
|
||||
fi
|
||||
|
||||
if [[ "$deny" == *[!0-9]* ]]; then
|
||||
echo "\
|
||||
printf '%s\n' "\
|
||||
$0: ERROR: deny is not numeric. deny: '$deny'
|
||||
ERROR: Please report this bug.
|
||||
" >&2
|
||||
|
|
@ -202,7 +202,7 @@ fi
|
|||
remaining_attempts="$(( $deny - $failed_login_counter ))"
|
||||
|
||||
if [ "$remaining_attempts" -le "0" ]; then
|
||||
echo "\
|
||||
printf '%s\n' "\
|
||||
$0: ERROR: Login blocked after $failed_login_counter attempts.
|
||||
To unlock, run the following command as superuser:
|
||||
(If you still have a sudo/root shell somewhere.)
|
||||
|
|
@ -217,14 +217,14 @@ https://www.kicksecure.com/wiki/root#unlock
|
|||
exit 0
|
||||
fi
|
||||
|
||||
echo "\
|
||||
printf '%s\n' "\
|
||||
$0: WARNING: $failed_login_counter failed login attempts for user_name '$user_name'.
|
||||
Login will be blocked after $deny attempts.
|
||||
You have $remaining_attempts more attempts before unlock procedure is required.
|
||||
" >&2
|
||||
|
||||
if [ "$PAM_SERVICE" = "su" ]; then
|
||||
echo "\
|
||||
printf '%s\n' "\
|
||||
$0: NOTE: Type the password. When entering the password, no password feedback (no asterisk (\"*\") symbol) will be shown.
|
||||
" >&2
|
||||
fi
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue