Fix pam-tally2.so is missing in Ubuntu #38, Modify 8.1.26 for support to ubuntu.

2025-07-31 01:24:58 +02:00 · 2022-09-05 14:14:13 +00:00 · 2022-09-05 14:14:13 +00:00 · 1835a45c0e
commit 1835a45c0e
parent 297b4fa343
1 changed files with 19 additions and 10 deletions
--- a/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh
+++ b/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh
@ -21,7 +21,7 @@ audit () {
 	# This feature is only for debian
 	if [ $OS_RELEASE -eq 2 ]; then
 		ok "CentOS/Redhat is not support, so pass"
-	elif [ $OS_RELEASE -eq 1 ]; then
+	elif [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then
    	# define custom IFS and save default one
    	d_IFS=$IFS
    	c_IFS=$'\n'
@ -52,7 +52,7 @@ apply () {
 	# This feature is only for debian
 	if [ $OS_RELEASE -eq 2 ]; then
 		ok "CentOS/Redhat is not support, so pass"
-	elif [ $OS_RELEASE -eq 1 ]; then
+	elif [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then
    	IFS=$'\n'
    	for AUDIT_VALUE in $AUDIT_PARAMS; do
 			check_audit_path $AUDIT_VALUE 
@ -77,6 +77,14 @@ apply () {
 # This function will check config parameters required
 # Replaced pam_tally2 with faillock in debian 11
 check_config() {
+	# support to ubuntu 
+	if [ $OS_RELEASE -eq 3 ]; then
+		if [ $DONT_AUDITD_BY_UID -eq 1 ]; then
+AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -k privileged-pam'
+		else
+AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
+		fi
+	else
 		is_debian_11
 		if [ $DONT_AUDITD_BY_UID -eq 1 ]; then
 			if [ $FNRET = 1 ]; then
@ -93,6 +101,7 @@ AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -
 AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
 			fi
 		fi
+	fi
 }

 # Source Root Dir Parameter