From a12cd979224190d62f7eb0e7ec4829093a3f41e2 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson
Date: Wed, 23 Jul 2025 12:36:57 -0400
Subject: [PATCH] Increase pamlimit lockout
---
 install/4-config.sh | 8 ++++++--
 migrations/1753286633.sh | 6 ++++++
 2 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 migrations/1753286633.sh
diff --git a/install/4-config.sh b/install/4-config.sh
index 385f333..91157f6 100644
--- a/install/4-config.sh
+++ b/install/4-config.sh
@@ -3,6 +3,9 @@
 # Copy over Omarchy configs
 cp -R ~/.local/share/omarchy/config/* ~/.config/
 
+# Use default bashrc from Omarchy
+echo "source ~/.local/share/omarchy/default/bash/rc" >~/.bashrc
+
 # Ensure application directory exists for update-desktop-database
 mkdir -p ~/.local/share/applications
 
@@ -13,8 +16,9 @@ sudo chmod 644 /etc/gnupg/dirmngr.conf
 sudo gpgconf --kill dirmngr || true
 sudo gpgconf --launch dirmngr || true
 
-# Use default bashrc from Omarchy
-echo "source ~/.local/share/omarchy/default/bash/rc" >~/.bashrc
+# Increase lockout limit to 10 and decrease timeout to 2 minutes
+sudo sed -i 's|^\(auth\s\+required\s\+pam_faillock.so\)\s\+preauth.*$|\1 preauth silent deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
+sudo sed -i 's|^\(auth\s\+\[default=die\]\s\+pam_faillock.so\)\s\+authfail.*$|\1 authfail deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
 
 # Set common git aliases
 git config --global alias.co checkout
diff --git a/migrations/1753286633.sh b/migrations/1753286633.sh
new file mode 100644
index 0000000..5c7f2cf
--- /dev/null
+++ b/migrations/1753286633.sh
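Review bot: The two `sed -i` lines added in the second hunk of install/4-config.sh rewrite the `pam_faillock.so` entries of `/etc/pam.d/system-auth` in place, and nothing checks that either substitution matched, so a system whose file differs from the expected layout keeps its old limits without any message. pam_faillock also reads `deny` and `unlock_time` from `/etc/security/faillock.conf`, which would leave the packaged PAM stack untouched and keep the setting in one place; if the in-place edit stays, follow it with a check such as `grep -q 'pam_faillock.so preauth silent deny=10 unlock_time=120' /etc/pam.d/system-auth || echo "pam_faillock limits not applied" >&2`. The comment should also record the scope and the reason, e.g. `# Applies to every service that includes system-auth: lock after 10 failed attempts, unlock after 120 s`, since presumably this covers more than the local login prompt. The same two substitutions are repeated in migrations/1753286633.sh.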
@@ -0,0 +1,6 @@
+echo "Increase lockout limit to 10, decrease timeout to 2 minutes"
+
+if ! grep -q 'deny=10' /etc/pam.d/system-auth; then
+ sudo sed -i 's|^\(auth\s\+required\s\+pam_faillock.so\)\s\+preauth.*$|\1 preauth silent deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
+ sudo sed -i 's|^\(auth\s\+\[default=die\]\s\+pam_faillock.so\)\s\+authfail.*$|\1 authfail deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
+fi
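Review bot: The guard `grep -q 'deny=10'` matches that substring anywhere in `/etc/pam.d/system-auth`, including a comment or a value such as `deny=100`, so it does not show that both `pam_faillock.so` lines carry the new settings. When the branch does run, each substitution replaces everything after `preauth` and `authfail`, so options an administrator put on those lines, including a stricter `deny` or a longer `unlock_time`, are overwritten on update. Anchoring the guard to the module line, e.g. `if ! grep -Eq '^auth.*pam_faillock\.so.*[[:space:]]deny=10([[:space:]]|$)' /etc/pam.d/system-auth; then`, and leaving alone lines that already set `deny=` explicitly would address both.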