|
@@ -458,13 +458,17 @@ function set_max_login_tries {
|
458
|
458
|
if ! grep -q ' deny=' /etc/pam.d/common-auth; then
|
459
|
459
|
sed -i "/pam_deny.so/a auth required\t\t\tpam_tally.so onerr=fail no_lock_time per_user deny=$max_tries" /etc/pam.d/common-auth
|
460
|
460
|
else
|
461
|
|
- sed -i "s| deny=.*| deny=$max_tries|g" /etc/pam.d/common-auth
|
|
461
|
+ if ! grep -q " deny=$max_tries" /etc/pam.d/common-auth; then
|
|
462
|
+ sed -i "s| deny=.*| deny=$max_tries|g" /etc/pam.d/common-auth
|
|
463
|
+ fi
|
462
|
464
|
fi
|
463
|
465
|
|
464
|
466
|
if ! grep -q ' deny=' /etc/pam.d/common-account; then
|
465
|
467
|
sed -i '/pam_deny.so/a account required\t\t\tpam_tally.so' /etc/pam.d/common-account
|
466
|
468
|
else
|
467
|
|
- sed -i "s| deny=.*| deny=$max_tries|g" /etc/pam.d/common-account
|
|
469
|
+ if ! grep -q " deny=$max_tries" /etc/pam.d/common-account; then
|
|
470
|
+ sed -i "s| deny=.*| deny=$max_tries|g" /etc/pam.d/common-account
|
|
471
|
+ fi
|
468
|
472
|
fi
|
469
|
473
|
}
|
470
|
474
|
|
|
@@ -630,7 +634,9 @@ function dummy_nologin_command {
|
630
|
634
|
}
|
631
|
635
|
|
632
|
636
|
function disable_null_passwords {
|
633
|
|
- sed -i 's| nullok_secure||g' /etc/pam.d/common-auth
|
|
637
|
+ if grep -q ' nullok_secure' /etc/pam.d/common-auth; then
|
|
638
|
+ sed -i 's| nullok_secure||g' /etc/pam.d/common-auth
|
|
639
|
+ fi
|
634
|
640
|
}
|
635
|
641
|
|
636
|
642
|
function create_usb_canary {
|