tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix pam-tally2.so is missing in Ubuntu #38

Browse Source
This commit is contained in:
Samson-W 2022-09-05 13:45:01 +00:00
parent d9b24e2e7e
commit 297b4fa343
2 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
bin/hardening/9.2.12_pam_lockout_failed_tally2.sh
View File

@ -158,12 +158,12 @@ apply () {
check_config() { check_config() {
if [ $OS_RELEASE -eq 2 ]; then if [ $OS_RELEASE -eq 2 ]; then
PACKAGE='pam' PACKAGE='pam'
PAMLIBNAME='pam_failloc.so' PAMLIBNAME='pam_faillock.so'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_failloc.so' AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
AUTHFILE='/etc/pam.d/password-auth' AUTHFILE='/etc/pam.d/password-auth'
AUTHRULE='auth required pam_failloc.so deny=3 even_deny_root unlock_time=900' AUTHRULE='auth required pam_faillock.so deny=3 even_deny_root unlock_time=900'
ADDPATTERNLINE='auth[[:space:]]*required' ADDPATTERNLINE='auth[[:space:]]*required'
else elif [ $OS_RELEASE -eq 1 ]; then
is_debian_11 is_debian_11
# faillock for Debian 11 # faillock for Debian 11
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
@ -177,6 +177,12 @@ check_config() {
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so' AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so'
AUTHRULE='auth required pam_tally2.so deny=3 even_deny_root unlock_time=900' AUTHRULE='auth required pam_tally2.so deny=3 even_deny_root unlock_time=900'
fi fi
# same to debian11
elif [ $OS_RELEASE -eq 3 ]; then
ISDEBIAN11=1
SECCONFFILE='/etc/security/faillock.conf'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
AUTHRULE='auth required pam_faillock.so'
fi fi
} }

8
bin/hardening/9.2.13_pam_even_deny_root_tally2.sh
View File

@ -156,7 +156,7 @@ check_config() {
AUTHRULE='auth required pam_faillock.so preauth silent audit deny=3 even_deny_root fail_interval=900 unlock_time=900' AUTHRULE='auth required pam_faillock.so preauth silent audit deny=3 even_deny_root fail_interval=900 unlock_time=900'
ADDPATTERNLINE='auth[[:space:]]*required' ADDPATTERNLINE='auth[[:space:]]*required'
DENYROOT='even_deny_root' DENYROOT='even_deny_root'
else elif [ $OS_RELEASE -eq 1 ]; then
is_debian_11 is_debian_11
# faillock for Debian 11 # faillock for Debian 11
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
@ -170,6 +170,12 @@ check_config() {
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so' AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so'
AUTHRULE='auth required pam_tally2.so deny=3 even_deny_root unlock_time=900' AUTHRULE='auth required pam_tally2.so deny=3 even_deny_root unlock_time=900'
fi fi
# same to debian11
elif [ $OS_RELEASE -eq 3 ]; then
ISDEBIAN11=1
SECCONFFILE='/etc/security/faillock.conf'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
AUTHRULE='auth required pam_faillock.so'
fi fi
} }