security-misc/usr/bin/faillock-user
Patrick Schleizer d05c101721
debugging
2022-11-24 06:31:24 -05:00

56 lines
1.4 KiB
Bash
Executable File

#!/bin/bash
## Copyright (C) 2022 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
true "$0: START PHASE 1"
if test -f /etc/pam-info-debug || test -f /usr/local/etc/pam-info-debug ; then
set -x
exec 5>&1 1>> ~/pam-info-debug.txt
exec 6>&2 2>> ~/pam-info-debug.txt
fi
true "$0: START PHASE 2"
if ! command -v "/usr/sbin/faillock" &>/dev/null; then
true "$0: ERROR: The faillock program is unavailable, exiting."
exit 2
fi
## Debugging.
who_ami="$(whoami)"
true "$0: who_ami: $who_ami"
true "$0: PAM_USER: $PAM_USER"
true "$0: SUDO_USER: $SUDO_USER"
if [ "$SUDO_USER" = "" ]; then
user_to_check="$who_ami"
else
user_to_check="$SUDO_USER"
fi
if [ "$(id -u)" = "0" ]; then
faillock_program="/usr/sbin/faillock"
else
## as user "user"
## /usr/sbin/faillock -u user
## faillock: Error opening /var/log/tallylog for update: Permission denied
## /usr/sbin/faillock: Authentication error
##
## xscreensaver runs as user "user", therefore pam_faillock cannot function.
## xscreensaver has its own failed login counter.
##
## https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
##
## https://www.whonix.org/pipermail/whonix-devel/2019-September/001439.html
#true "$0: not started as root, exiting."
#exit 0
faillock_program="sudo --non-interactive /usr/sbin/faillock"
fi
$faillock_program --user "$user_to_check"
exit $?