@FromeXo
Last active February 1, 2024 15:13
install faillock
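#!/usr/bin/env bash
# Interactive helper that edits /etc/security/faillock.conf and
# /etc/pam.d/common-auth to enable pam_faillock account lockout.
# Must be run as root because it rewrites system authentication config.

# Default Script Vars
readonly SCRIPT_VERSION="1.0.0"
# Assign first and mark readonly afterwards: `readonly VAR=$(cmd)` would hide
# a realpath failure behind readonly's own (successful) exit status.
SCRIPT_PATH=$(realpath "$0") || {
  echo "Error: could not resolve the script path" >&2
  exit 1
}
readonly SCRIPT_PATH
readonly SCRIPT_FILE=${SCRIPT_PATH##*/}
readonly SCRIPT_DIR=${SCRIPT_PATH%/*}

# faillock config file location
fl_conf_file="/etc/security/faillock.conf"

# Refuse to continue without root; diagnostics go to stderr.
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root" >&2
  echo "sudo ./$SCRIPT_FILE" >&2
  exit 1
fi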
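echo "!!!!!! When asked y/n, you must type y to say yes. !!!!!!"

# Optional step: replace faillock.conf with the reference copy from the gist.
echo -en "\nDo you want to reset faillock configuration and start fresh? "
read -r -p "y/n [n]: " rs_faillock
if [ "$rs_faillock" = "y" ]; then
  # The raw URL names a specific gist revision, so the content should not change
  # between runs. It is still remote content installed as root.
  # NOTE(review): compare the download against a pinned SHA-256 before installing.
  fl_url="https://gist.githubusercontent.com/FromeXo/8e4da0668c85c8456cca061855d67010/raw/1689492752c6d2e29ed50528487f9fcd236682c6/faillock.conf"

  # Download to a temporary file first. wget truncates its --output-document
  # target before the transfer starts, so writing straight to the live config
  # would leave an empty or partial faillock.conf after a failed download.
  fl_tmp=$(mktemp) || {
    echo "Error: could not create a temporary file" >&2
    exit 1
  }
  if ! wget --output-document="$fl_tmp" "$fl_url" || [ ! -s "$fl_tmp" ]; then
    echo "Error: download of $fl_url failed; $fl_conf_file was left unchanged." >&2
    rm -f -- "$fl_tmp"
    exit 1
  fi

  # Keep the previous configuration so the reset can be undone.
  if [ -f "$fl_conf_file" ]; then
    if ! cp -p -- "$fl_conf_file" "$fl_conf_file.pre-reset"; then
      echo "Error: Could not back up $fl_conf_file" >&2
      rm -f -- "$fl_tmp"
      exit 1
    fi
  fi

  # install sets owner and mode in the same step as the copy, so the file is
  # never in place with the temp file's ownership or permissions.
  if ! install -m 644 -o root -g root -- "$fl_tmp" "$fl_conf_file"; then
    echo "Error: Could not install $fl_conf_file" >&2
    rm -f -- "$fl_tmp"
    exit 1
  fi
  rm -f -- "$fl_tmp"
fi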
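# Optional step: replace /etc/pam.d/common-auth with the reference copy from the gist.
echo -en "\nDo you want to reset pam common-auth configuration and start fresh?"
read -r -p "y/n [n]: " rs_pam
if [ "$rs_pam" = "y" ]; then
  pam_file="/etc/pam.d/common-auth"
  # The raw URL names a specific gist revision. It is still remote content that
  # becomes the system-wide auth stack.
  # NOTE(review): compare the download against a pinned SHA-256 before installing.
  pam_url="https://gist.githubusercontent.com/FromeXo/31882a55272a5b2e73d97ff17c0bf90f/raw/83c5cbff926c3b18850683b27ff3015d13c5c83c/common-auth"

  # Download to a temporary file and check it before touching the live file.
  # common-auth is included by the login services, so an empty or truncated
  # copy breaks authentication for the whole host.
  pam_tmp=$(mktemp) || {
    echo "Error: could not create a temporary file" >&2
    exit 1
  }
  # The option is --output-document; the original "--putput-document" made
  # wget fail while chmod/chown still ran on the old file.
  if ! wget --output-document="$pam_tmp" "$pam_url" || [ ! -s "$pam_tmp" ]; then
    echo "Error: download of $pam_url failed; $pam_file was left unchanged." >&2
    rm -f -- "$pam_tmp"
    exit 1
  fi

  # Keep the previous stack so it can be restored from a root shell.
  if [ -f "$pam_file" ]; then
    if ! cp -p -- "$pam_file" "$pam_file.pre-reset"; then
      echo "Error: Could not back up $pam_file" >&2
      rm -f -- "$pam_tmp"
      exit 1
    fi
  fi

  # install sets owner and mode in the same step as the copy.
  if ! install -m 644 -o root -g root -- "$pam_tmp" "$pam_file"; then
    echo "Error: Could not install $pam_file" >&2
    rm -f -- "$pam_tmp"
    exit 1
  fi
  rm -f -- "$pam_tmp"
fi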
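# Optional step: set deny / fail_interval / unlock_time in faillock.conf.
echo -n "Do you want to configure Faillock? "
read -r -p "y/n [n]: " faillock
if [ "$faillock" = "y" ]; then
  if [ -f "$fl_conf_file" ]; then
    echo -e "\nCreating backup file of $fl_conf_file"
    # Check cp's exit status: testing only for the backup file's existence
    # would accept a stale backup left by an earlier run.
    if cp -p -- "$fl_conf_file" "$fl_conf_file.backup"; then
      echo "$fl_conf_file.backup was created."
    else
      echo "Error: Could not copy $fl_conf_file" >&2
      exit 1
    fi
  else
    echo "Error: $fl_conf_file does not exists." >&2
    exit 1
  fi

  # Ask until the operator confirms a valid set of values.
  while true; do
    echo -en "\nHow many login attempts? "
    read -r -p "[default: 3]: " fl_deny
    fl_deny=${fl_deny:-3}

    echo -e "\nWithin what time interval should the login failures occur for the user to be locked out?"
    read -r -p "Interval (seconds) [default: 60]: " fl_interval
    fl_interval=${fl_interval:-60}

    echo -e "\nFor how long should the user be locked out?"
    read -r -p "Time (seconds) [default: 180]: " fl_unlock
    fl_unlock=${fl_unlock:-180}

    # The answers are interpolated into sed expressions that rewrite a root-owned
    # auth config. Accept plain decimal integers only, so characters such as
    # '/', '&' or '\' cannot alter the sed program or corrupt the file.
    fl_invalid=""
    for fl_value in "$fl_deny" "$fl_interval" "$fl_unlock"; do
      case "$fl_value" in
        '' | *[!0-9]*) fl_invalid="yes" ;;
      esac
    done
    if [ -n "$fl_invalid" ]; then
      echo "Error: all values must be whole numbers. Please try again." >&2
      continue
    fi

    echo "Login attempts: $fl_deny"
    echo "Fail interval: $fl_interval"
    echo "Locked out time: $fl_unlock"
    # Stop on end of input instead of looping forever on a closed stdin.
    read -r -p "Does this look correct? y/n: " fl_confirm || {
      echo -e "\nError: no input available, aborting." >&2
      exit 1
    }
    if [ "$fl_confirm" = "y" ]; then
      break
    fi
  done

  # For each option: uncomment a "# key =" line, then set the value.
  for fl_pair in "deny=$fl_deny" "unlock_time=$fl_unlock" "fail_interval=$fl_interval"; do
    fl_key=${fl_pair%%=*}
    fl_val=${fl_pair#*=}
    sed -i \
      -e "/^# $fl_key =/s/^# //" \
      -e "s/^$fl_key = .*/$fl_key = $fl_val/" \
      "$fl_conf_file"
    # sed changes nothing when the file has neither form of the line; say so
    # rather than let the operator assume the lockout policy is active.
    if ! grep -q "^$fl_key = $fl_val\$" "$fl_conf_file"; then
      echo "Warning: '$fl_key' was not found in $fl_conf_file and was not set." >&2
    fi
  done
fi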
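# Optional step: put the pam_faillock lines at the top of common-auth.
echo -en "\n Do you want to add faillock to pam? common-auth?\n"
read -r -p "Add faillock to pam? y/n [n]: " pam
if [ "$pam" = "y" ]; then
  pam_conf_file="/etc/pam.d/common-auth"

  if [ ! -f "$pam_conf_file" ]; then
    echo "Error: $pam_conf_file does not exists." >&2
    exit 1
  fi

  # Do not insert twice: a second run would stack duplicate auth lines on top
  # of the existing ones and change how the stack evaluates.
  if grep -Eq '^[[:space:]]*auth[[:space:]].*pam_faillock\.so' "$pam_conf_file"; then
    echo "pam_faillock is already present in $pam_conf_file; leaving it unchanged."
  else
    # Back up first; a broken common-auth can lock every account out, so keep a
    # root shell open until a fresh login has been tested.
    if ! cp -p -- "$pam_conf_file" "$pam_conf_file.backup"; then
      echo "Error: Could not copy $pam_conf_file" >&2
      exit 1
    fi

    # Add Faillock to PAM
    # Each command inserts before line 1, so the file ends up in the reverse
    # order of the commands:
    #   auth required pam_faillock.so preauth
    #   auth [success=1 default=bad] pam_unix.so
    #   auth [default=die] pam_faillock.so authfail audit
    #   auth sufficient pam_unix.so
    # NOTE(review): the pam_faillock(8) examples close this group with
    # "pam_faillock.so authsucc"; here the last line is a second pam_unix.so.
    # Confirm that is intended, and how failure records get cleared on success.
    # NOTE(review): "audit" appears to log the entered user name even when the
    # account does not exist, so a password typed at the login prompt can land
    # in the system log. Confirm against the man page and log access policy.
    sed -i '1i\auth sufficient pam_unix.so' "$pam_conf_file"
    sed -i '1i\auth [default=die] pam_faillock.so authfail audit' "$pam_conf_file"
    sed -i '1i\auth [success=1 default=bad] pam_unix.so' "$pam_conf_file"
    sed -i '1i\auth required pam_faillock.so preauth' "$pam_conf_file"
  fi
fi

echo "Thank you, please come again!"
exit 0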