Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-06-16 18:19:14 -04:00
Code Issues Projects Releases Packages Wiki Activity

printf

Browse source
This commit is contained in:
Patrick Schleizer 2025-05-18 06:41:41 -04:00
parent 7f2ba0980d
commit d8feca1276
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
1 changed files with 13 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

26
usr/libexec/security-misc/pam-info
View file

@ -42,7 +42,7 @@ if [ ! "$grep_result" = "" ]; then
## Yes, grep matched. ## Yes, grep matched.
## Check if not out commented. ## Check if not out commented.
if ! echo "$grep_result" | grep --quiet -- "#" ; then if ! printf '%s\n' "$grep_result" | grep --quiet -- "#" ; then
## Not out commented indeed. ## Not out commented indeed.
## https://forums.whonix.org/t/etc-security-hardening-console-lockdown/8592 ## https://forums.whonix.org/t/etc-security-hardening-console-lockdown/8592
@ -55,7 +55,7 @@ if [ ! "$grep_result" = "" ]; then
fi fi
if [ ! "$console_allowed" = "true" ]; then if [ ! "$console_allowed" = "true" ]; then
echo "\ printf '%s\n' "\
$0: ERROR: PAM_USER: '$PAM_USER' is not a member of group 'console' $0: ERROR: PAM_USER: '$PAM_USER' is not a member of group 'console'
To unlock, run the following command as superuser: To unlock, run the following command as superuser:
(If you still have a sudo/root shell somewhere.) (If you still have a sudo/root shell somewhere.)
@ -76,7 +76,7 @@ if [ "$PAM_USER" = 'sysmaint' ]; then
sysmaint_passwd_info="$(passwd --status sysmaint 2>/dev/null)" || true sysmaint_passwd_info="$(passwd --status sysmaint 2>/dev/null)" || true
sysmaint_lock_info="$(cut -d' ' -f2 <<< "${sysmaint_passwd_info}")" sysmaint_lock_info="$(cut -d' ' -f2 <<< "${sysmaint_passwd_info}")"
if [ "${sysmaint_lock_info}" = 'L' ]; then if [ "${sysmaint_lock_info}" = 'L' ]; then
echo "$0: ERROR: Reboot and choose 'PERSISTENT Mode - SYSMAINT Session' for system maintenance. See https://www.kicksecure.com/wiki/Sysmaint" printf '%s\n' "$0: ERROR: Reboot and choose 'PERSISTENT Mode - SYSMAINT Session' for system maintenance. See https://www.kicksecure.com/wiki/Sysmaint"
fi fi
fi fi
@ -84,7 +84,7 @@ kernel_cmdline="$(cat /proc/cmdline)"
if [ "$PAM_USER" != 'sysmaint' ] \ if [ "$PAM_USER" != 'sysmaint' ] \
&& [[ "${kernel_cmdline}" =~ 'boot-role=sysmaint' ]]; then && [[ "${kernel_cmdline}" =~ 'boot-role=sysmaint' ]]; then
echo "$0: WARNING: Use account 'sysmaint' for system maintenance. See https://www.kicksecure.com/wiki/Sysmaint" printf '%s\n' "$0: WARNING: Use account 'sysmaint' for system maintenance. See https://www.kicksecure.com/wiki/Sysmaint"
fi fi
## https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698 ## https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698
@ -95,7 +95,7 @@ fi
# if [ -f /etc/securetty ]; then # if [ -f /etc/securetty ]; then
# grep_result="$(grep "^[^#]" /etc/securetty)" # grep_result="$(grep "^[^#]" /etc/securetty)"
# if [ "$grep_result" = "" ]; then # if [ "$grep_result" = "" ]; then
# echo "\ # printf '%s\n' "\
# $0: ERROR: Root login is disabled. # $0: ERROR: Root login is disabled.
# ERROR: This is because /etc/securetty is empty. # ERROR: This is because /etc/securetty is empty.
# See also: # See also:
@ -143,7 +143,7 @@ fi
## Usage: faillock [--dir /path/to/tally-directory] [--user username] [--reset] ## Usage: faillock [--dir /path/to/tally-directory] [--user username] [--reset]
## Get first line. ## Get first line.
#pam_faillock_output_first_line="$(echo "$pam_faillock_output" | head --lines=1)" #pam_faillock_output_first_line="$(printf '%s\n' "$pam_faillock_output" | head --lines=1)"
while read -t 10 -r pam_faillock_output_first_line ; do while read -t 10 -r pam_faillock_output_first_line ; do
break break
done <<< "$pam_faillock_output" done <<< "$pam_faillock_output"
@ -152,12 +152,12 @@ true "pam_faillock_output_first_line: '$pam_faillock_output_first_line'"
## example pam_faillock_output_first_line: ## example pam_faillock_output_first_line:
## user: ## user:
user_name="$(echo "$pam_faillock_output_first_line" | str_replace ":" "")" user_name="$(printf '%s\n' "$pam_faillock_output_first_line" | str_replace ":" "")"
## example user_name: ## example user_name:
## user ## user
## root ## root
pam_faillock_output_count="$(echo "$pam_faillock_output" | wc -l)" pam_faillock_output_count="$(printf '%s\n' "$pam_faillock_output" | wc -l)"
## example pam_faillock_output_count: ## example pam_faillock_output_count:
## 2 ## 2
## example pam_faillock_output_count: ## example pam_faillock_output_count:
@ -186,13 +186,13 @@ deny=3
if test -f /etc/security/faillock.conf ; then if test -f /etc/security/faillock.conf ; then
deny_line=$(grep --invert-match "#" -- /etc/security/faillock.conf | grep -- "deny =") deny_line=$(grep --invert-match "#" -- /etc/security/faillock.conf | grep -- "deny =")
deny="$(echo "$deny_line" | str_replace "=" "" | str_replace "deny" "" | str_replace " " "")" deny="$(printf '%s\n' "$deny_line" | str_replace "=" "" | str_replace "deny" "" | str_replace " " "")"
## Example: ## Example:
#deny=50 #deny=50
fi fi
if [[ "$deny" == *[!0-9]* ]]; then if [[ "$deny" == *[!0-9]* ]]; then
echo "\ printf '%s\n' "\
$0: ERROR: deny is not numeric. deny: '$deny' $0: ERROR: deny is not numeric. deny: '$deny'
ERROR: Please report this bug. ERROR: Please report this bug.
" >&2 " >&2
@ -202,7 +202,7 @@ fi
remaining_attempts="$(( $deny - $failed_login_counter ))" remaining_attempts="$(( $deny - $failed_login_counter ))"
if [ "$remaining_attempts" -le "0" ]; then if [ "$remaining_attempts" -le "0" ]; then
echo "\ printf '%s\n' "\
$0: ERROR: Login blocked after $failed_login_counter attempts. $0: ERROR: Login blocked after $failed_login_counter attempts.
To unlock, run the following command as superuser: To unlock, run the following command as superuser:
(If you still have a sudo/root shell somewhere.) (If you still have a sudo/root shell somewhere.)
@ -217,14 +217,14 @@ https://www.kicksecure.com/wiki/root#unlock
exit 0 exit 0
fi fi
echo "\ printf '%s\n' "\
$0: WARNING: $failed_login_counter failed login attempts for user_name '$user_name'. $0: WARNING: $failed_login_counter failed login attempts for user_name '$user_name'.
Login will be blocked after $deny attempts. Login will be blocked after $deny attempts.
You have $remaining_attempts more attempts before unlock procedure is required. You have $remaining_attempts more attempts before unlock procedure is required.
" >&2 " >&2
if [ "$PAM_SERVICE" = "su" ]; then if [ "$PAM_SERVICE" = "su" ]; then
echo "\ printf '%s\n' "\
$0: NOTE: Type the password. When entering the password, no password feedback (no asterisk (\"*\") symbol) will be shown. $0: NOTE: Type the password. When entering the password, no password feedback (no asterisk (\"*\") symbol) will be shown.
" >&2 " >&2
fi fi