Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint'

2024-12-22 16:03:35 +07:00 · 2024-12-19 05:56:01 -05:00 · 2024-12-19 05:56:01 -05:00 · c99021bb0c
commit c99021bb0c
parent 95b535764c 9d69cd1912
1 changed files with 8 additions and 0 deletions
--- a/usr/libexec/security-misc/pam-info
+++ b/usr/libexec/security-misc/pam-info
@ -72,6 +72,14 @@ https://www.kicksecure.com/wiki/root#console
   fi
 fi

+if [ "$PAM_USER" = 'sysmaint' ]; then
+   sysmaint_passwd_info="$(passwd -S sysmaint 2>/dev/null)" || true
+   sysmaint_lock_info="$(cut -d' ' -f2 <<< "${sysmaint_passwd_info}")"
+   if [ "${sysmaint_lock_info}" = 'L' ]; then
+      echo "$0: ERROR: Reboot and choose 'PERSISTENT mode SYSMAINT' for system maintenance. See https://www.kicksecure.com/wiki/sysmaint"
+   fi
+fi
+
 ## https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698

 ## Does not work (yet) for login, pam_securetty runs before and aborts.