mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-03-11 18:40:11 +07:00
Code Issues Packages Projects Releases Wiki Activity

fix, add sshd to pam_service_exclusion_list

Browse Source 
to avoid faillock
This commit is contained in:
Patrick Schleizer 2021-09-01 15:45:36 -04:00
parent 224ae730c1
commit 8b104f544a
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
usr/libexec/security-misc/pam_faillock_not_if_x
View File

@ -19,11 +19,9 @@ true "PAM_SERVICE: $PAM_SERVICE"
## "when used with a stack of modules, the module's return status will not contribute to the return code the application obtains." ## "when used with a stack of modules, the module's return status will not contribute to the return code the application obtains."
## http://www.linux-pam.org/Linux-PAM-html/sag-configuration-file.html ## http://www.linux-pam.org/Linux-PAM-html/sag-configuration-file.html
## - Failed dovecot logins should not result in account getting locked. ## - Failed dovecot ssh logins from malicious remotes should not result in account getting locked.
## - Failed SSH public key authentication attempts do not increase pam_faillock
## counter for some reason.
## This list can later be extended as needed. ## This list can later be extended as needed.
pam_service_exclusion_list="dovecot" pam_service_exclusion_list="dovecot sshd"
for pam_service_exclusion_item in $pam_service_exclusion_list ; do for pam_service_exclusion_item in $pam_service_exclusion_list ; do
if [ "$PAM_SERVICE" = "$pam_service_exclusion_item" ]; then if [ "$PAM_SERVICE" = "$pam_service_exclusion_item" ]; then