mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-23 21:26:20 +07:00
Code Issues Packages Projects Releases Wiki Activity

Add warning about using non-sysmaint accounts in sysmaint mode

Browse Source
This commit is contained in:
Aaron Rainbolt 2024-12-20 11:04:22 -06:00
parent 3c73c0cd3a
commit 2f3a2bce77
No known key found for this signature in database
GPG Key ID: A709160D73C79109
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
usr/libexec/security-misc/pam-info
View File

@ -76,10 +76,17 @@ if [ "$PAM_USER" = 'sysmaint' ]; then
sysmaint_passwd_info="$(passwd --status sysmaint 2>/dev/null)" || true
sysmaint_lock_info="$(cut -d' ' -f2 <<< "${sysmaint_passwd_info}")"
if [ "${sysmaint_lock_info}" = 'L' ]; then
echo "$0: ERROR: Reboot and choose 'PERSISTENT mode SYSMAINT' for system maintenance. See https://www.kicksecure.com/wiki/sysmaint"
echo "$0: ERROR: Reboot and choose 'PERSISTENT mode SYSMAINT' for system maintenance. See https://www.kicksecure.com/wiki/Sysmaint"
fi
fi
kernel_cmdline="$(cat /proc/cmdline)"
if [ "$PAM_USER" != 'sysmaint' ] \
&& [[ "${kernel_cmdline}" =~ 'boot-role=sysmaint' ]]; then
echo "$0: WARNING: Reboot and choose 'PERSISTENT mode USER' for normal work. See https://www.kicksecure.com/wiki/Sysmaint"
fi
## https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698
## Does not work (yet) for login, pam_securetty runs before and aborts.