mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-15 18:29:44 +07:00
Code Issues Packages Projects Releases Wiki Activity
NaN Commits 4 Branches 456 Tags
788914de95ee9299d685e8b65466feee1085cf18
Commit Graph

16 Commits

Author SHA1 Message Date
Patrick Schleizer
788914de95 group ssh check was removed 
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/27
 2019-12-31 02:46:32 -05:00
Patrick Schleizer
50ac03363f output 2019-12-08 03:18:32 -05:00
Patrick Schleizer
3bd0b3f837 notify when attempting to use ssh but user is member of group ssh 2019-12-08 03:10:41 -05:00
Patrick Schleizer
9ba84f34c6 comment 2019-12-07 06:51:59 -05:00
Patrick Schleizer
dc1dfc8c20 output 2019-12-07 06:51:16 -05:00
Patrick Schleizer
532a1525c2 comment 2019-12-07 06:26:55 -05:00
Patrick Schleizer
14aa6c5077 comment 2019-12-07 06:26:23 -05:00
Patrick Schleizer
8b3f5a555b add console lockdown to pam info output 2019-12-07 06:25:45 -05:00
Patrick Schleizer
aa5451c8cd Lock user accounts after 50 rather than 100 failed login attempts. 
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19
 2019-11-25 01:39:53 -05:00
Patrick Schleizer
75258843e9 copyright 2019-09-16 13:03:43 +00:00
Patrick Schleizer
8e39cea876 comment 2019-09-16 13:03:25 +00:00
Patrick Schleizer
bac462f211 comment 2019-09-16 13:03:02 +00:00
Patrick Schleizer
bec680d4f3 pam_tally2-info: fix, do nothing when started as user "user" 
xscreensaver runs as user "user", therefore pam_tally2 cannot function.
xscreensaver has its own failed login counter.

as user "user"
/sbin/pam_tally2 -u user
pam_tally2: Error opening /var/log/tallylog for update: Permission denied
/sbin/pam_tally2: Authentication error

https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts

https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698
 2019-09-16 12:30:23 +00:00
Patrick Schleizer
41b2819ec8 PAM: abort on locked password 
to avoid needlessly bumping pam_tally2 counter

https://forums.whonix.org/t/restrict-root-access/7658/1
 2019-08-17 10:33:47 +00:00
Patrick Schleizer
17cfcb63b6 code simplification; report locked account earlier 2019-08-16 10:50:56 -04:00
Patrick Schleizer
ff9bc1d7ea informational output during PAM: 
* Show failed and remaining password attempts.
* Document unlock procedure if Linux user account got locked.
* Point out, that there is no password feedback for `su`.
* Explain locked (root) account if locked.
* /usr/share/pam-configs/tally2-security-misc
* /usr/lib/security-misc/pam_tally2-info
 2019-08-15 13:37:28 +00:00