Increase pamlimit lockout

2025-07-27 04:09:23 +00:00 · 2025-07-23 12:36:57 -04:00
parent c4c9cdc0f6
commit a12cd97922
2 changed files with 12 additions and 2 deletions
--- a/install/4-config.sh
+++ b/install/4-config.sh
@ -3,6 +3,9 @@
 # Copy over Omarchy configs
 cp -R ~/.local/share/omarchy/config/* ~/.config/
 # Use default bashrc from Omarchy
 echo "source ~/.local/share/omarchy/default/bash/rc" >~/.bashrc
 # Ensure application directory exists for update-desktop-database
 mkdir -p ~/.local/share/applications
@ -13,8 +16,9 @@ sudo chmod 644 /etc/gnupg/dirmngr.conf
 sudo gpgconf --kill dirmngr || true
 sudo gpgconf --launch dirmngr || true
-# Use default bashrc from Omarchy
+# Increase lockout limit to 10 and decrease timeout to 2 minutes
-echo "source ~/.local/share/omarchy/default/bash/rc" >~/.bashrc
+sudo sed -i 's|^\(auth\s\+required\s\+pam_faillock.so\)\s\+preauth.*$|\1 preauth silent deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
 sudo sed -i 's|^\(auth\s\+\[default=die\]\s\+pam_faillock.so\)\s\+authfail.*$|\1 authfail deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
 # Set common git aliases
 git config --global alias.co checkout
--- a/migrations/1753286633.sh
+++ b/migrations/1753286633.sh
@ -0,0 +1,6 @@
 echo "Increase lockout limit to 10, decrease timeout to 2 minutes"
 if ! grep -q 'deny=10' /etc/pam.d/system-auth; then
  sudo sed -i 's|^\(auth\s\+required\s\+pam_faillock.so\)\s\+preauth.*$|\1 preauth silent deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
  sudo sed -i 's|^\(auth\s\+\[default=die\]\s\+pam_faillock.so\)\s\+authfail.*$|\1 authfail deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
 fi