tyler.durden
/
harbian-audit
mirror of https://github.com/hardenedlinux/harbian-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Modify 9.2.11

This commit is contained in:
Samson-W 2018-11-05 18:30:15 +08:00
parent 93772789c6
commit 79e8bea65f
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/hardening/9.2.11_enable_lockout_failed_password.sh
View File

@ -18,6 +18,8 @@ HARDENING_LEVEL=3
PACKAGE='libpam-modules-bin' PACKAGE='libpam-modules-bin'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally[2]?.so' AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally[2]?.so'
AUTHFILE='/etc/pam.d/common-auth' AUTHFILE='/etc/pam.d/common-auth'
AUTHRULE='auth required pam_tally2.so audit silent deny=3 unlock_time=900'
ADDPATTERNLINE='# pam-auth-update(8) for details.'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
@ -47,7 +49,7 @@ apply () {
apt_install $PACKAGE apt_install $PACKAGE
elif [ $FNRET = 2 ]; then elif [ $FNRET = 2 ]; then
warn "Apply:$AUTHPATTERN is not present in $AUTHFILE" warn "Apply:$AUTHPATTERN is not present in $AUTHFILE"
add_line_file_after_pattern $AUTHFILE "auth required pam_tally2.so audit deny=3 unlock_time=900" "# pam-auth-update(8) for details." add_line_file_after_pattern $AUTHFILE $AUTHRULE $ADDPATTERNLINE
fi fi
} }