Avoid faillock lock/tally reset on reboot or timeout

Aaron Rainbolt
2024-10-19 23:49:07 -05:00
parent b6433309fd
commit 690e8dd826
6 changed files with 37 additions and 17 deletions


@ -1,11 +1,8 @@
Name: lock accounts after 50 failed authentication attempts (part 1) (by package security-misc)
Name: lock accounts after 50 failed authentication attempts (preauth component) (by package security-misc)
Default: yes
Priority: 290
Priority: 1024
Auth-Type: Primary
Auth:
optional pam_exec.so debug stdout seteuid /usr/libexec/security-misc/pam-info
[success=1 default=ignore] pam_exec.so seteuid quiet /usr/libexec/security-misc/pam_faillock_not_if_x
required pam_faillock.so preauth
Account-Type: Primary
Account:
requisite pam_faillock.so
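Review bot: `Priority: 1024` (the second of the two Priority lines, apparently the new value) is what places `required pam_faillock.so preauth` ahead of the pam_unix block, but nothing in this profile says so. The other half of that ordering lives in a different file, the profile with `Priority: 384` further down this page. A later priority change in either file, or a third Primary profile that sorts between them, could change what runs between the lockout check and password verification without any visible error. I would record the dependency next to the value, for example `Priority must stay above the "Unix authentication with faillock" profile so preauth runs before pam_unix`, in whatever form the profile format or the package documentation allows. Separately, the pam_faillock manual notes that preauth without `silent` can reveal whether an account exists; whether `silent` is set in faillock.conf is not visible here, so it is worth confirming.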


@ -1,8 +0,0 @@
Name: lock accounts after 50 failed authentication attempts (part 2) (by package security-misc)
Default: yes
Priority: 245
Auth-Type: Primary
Auth:
[success=2 default=ignore] pam_exec.so seteuid quiet /usr/libexec/security-misc/pam_faillock_not_if_x
[default=die] pam_faillock.so authfail
sufficient pam_faillock.so authsucc


@ -0,0 +1,20 @@
Name: Unix authentication with faillock (by package security-misc)
Default: yes
Priority: 384
Auth-Type: Primary
Auth:
[success=3 default=ignore] pam_unix.so nullok try_first_pass
[success=1 default=ignore] pam_exec.so seteuid quiet /usr/libexec/security-misc/pam_faillock_not_if_x
[default=die] pam_faillock.so authfail
requisite pam_deny.so
[success=1 default=ignore] pam_exec.so seteuid quiet /usr/libexec/security-misc/pam_faillock_not_if_x
optional pam_faillock.so authsucc
required pam_permit.so
Auth-Initial:
[success=3 default=ignore] pam_unix.so nullok
[success=1 default=ignore] pam_exec.so seteuid quiet /usr/libexec/security-misc/pam_faillock_not_if_x
[default=die] pam_faillock.so authfail
requisite pam_deny.so
[success=1 default=ignore] pam_exec.so seteuid quiet /usr/libexec/security-misc/pam_faillock_not_if_x
optional pam_faillock.so authsucc
required pam_permit.so
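Review bot: The jump counts in both `Auth:` and `Auth-Initial:` are positional and undocumented. `[success=3 default=ignore] pam_unix.so` has to land exactly on the second `pam_exec.so` line, and each `[success=1 default=ignore] pam_exec.so` has to skip exactly the one pam_faillock line after it. Adding or removing a single line changes which of `authfail`, `pam_deny.so` and `authsucc` run, and PAM reports no error when that happens. I would describe the two paths alongside the profile, e.g. `success=3 -> second pam_exec (success path); failure falls through to authfail, then pam_deny`, and note that the two blocks differ only in `try_first_pass` and must be edited together. `nullok` lets an account with an empty password pass pam_unix; if that is intended for this package, a short statement saying so would save the next reader from asking.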