#!/bin/bash ## Copyright (C) 2022 - 2022 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. true "$0: START PHASE 1" if test -f /etc/pam-info-debug || test -f /usr/local/etc/pam-info-debug ; then set -x exec 5>&1 1>> ~/pam-info-debug.txt exec 6>&2 2>> ~/pam-info-debug.txt fi true "$0: START PHASE 2" if ! command -v "/usr/sbin/faillock" &>/dev/null; then true "$0: ERROR: The faillock program is unavailable, exiting." exit 2 fi who_ami="$(whoami)" if [ "$SUDO_USER" = "" ]; then user_to_check="$who_ami" else user_to_check="$SUDO_USER" fi if [ "$(id -u)" = "0" ]; then faillock_program="/usr/sbin/faillock" else ## as user "user" ## /usr/sbin/faillock -u user ## faillock: Error opening /var/log/tallylog for update: Permission denied ## /usr/sbin/faillock: Authentication error ## ## xscreensaver runs as user "user", therefore pam_faillock cannot function. ## xscreensaver has its own failed login counter. ## ## https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts ## ## https://www.whonix.org/pipermail/whonix-devel/2019-September/001439.html #true "$0: not started as root, exiting." #exit 0 faillock_program="sudo --non-interactive /usr/sbin/faillock" fi $faillock_program --user "$user_to_check" exit $?