security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-11 09:44:25 -05:00

Author	SHA1	Message	Date
Patrick Schleizer	9622f28e25	skip counting failed login attempts from dovecot Failed dovecot logins should not result in account getting locked. revert "use pam_tally2 only for login"	2021-01-27 05:49:34 -05:00
Patrick Schleizer	6757104aa4	use pam_tally2 only for login to skip counting failed login attempts over ssh and mail login	2021-01-24 05:04:48 -05:00
Patrick Schleizer	c7c65fe4e7	higher priority usr/share/pam-configs/tally2-security-misc so it can give info before pam stack gets aborted by other pam modules	2019-12-08 03:15:53 -05:00
Patrick Schleizer	aa5451c8cd	Lock user accounts after 50 rather than 100 failed login attempts. https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19	2019-11-25 01:39:53 -05:00
Patrick Schleizer	03e8023847	output	2019-11-22 14:11:30 -05:00
Patrick Schleizer	ff9bc1d7ea	informational output during PAM: * Show failed and remaining password attempts. * Document unlock procedure if Linux user account got locked. * Point out, that there is no password feedback for `su`. * Explain locked (root) account if locked. * /usr/share/pam-configs/tally2-security-misc * /usr/lib/security-misc/pam_tally2-info	2019-08-15 13:37:28 +00:00
Patrick Schleizer	454e135822	pam_tally2.so even_deny_root	2019-08-15 07:33:41 +00:00
Patrick Schleizer	63b476221c	use requisite rather than required to avoid asking for password needlessly if login will fail anyhow	2019-08-15 07:30:56 +00:00
Patrick Schleizer	a2fa18c381	pam_tally2.so deny=100 during testing, due to issues `d17e25272b` https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/12	2019-08-10 07:07:28 -04:00
Patrick Schleizer	d17e25272b	effectively (not directly) add "required pam_tally2.so debug" to /etc/pam.d/common-account This is required because otherwise something like "sudo bash" would count as a failed login for pam_tally2 even though it was successful. https://bugzilla.redhat.com/show_bug.cgi?id=707660 https://forums.whonix.org/t/restrict-root-access/7658	2019-08-10 06:06:39 -04:00
Patrick Schleizer	0f896a9d8d	add onerr=fail audit to pam_tally2	2019-08-10 06:05:37 -04:00
Patrick Schleizer	830111e99a	split usr/share/pam-configs/security-misc into usr/share/pam-configs/tally2-security-misc usr/share/pam-configs/wheel-security-misc	2019-08-01 11:04:22 +00:00

12 Commits