From 8776850762d7cb0443ab7668aa3936fe21a8e4fa Mon Sep 17 00:00:00 2001 
From: mhoellein Date: Thu, 3 Jun 2021 15:16:41 +0200 Subject: [PATCH] committing changes in /etc made by "apt-get upgrade" Package changes: -initramfs-tools 0.136ubuntu6.4 all -initramfs-tools-bin 0.136ubuntu6.4 amd64 -initramfs-tools-core 0.136ubuntu6.4 all +initramfs-tools 0.136ubuntu6.5 all +initramfs-tools-bin 0.136ubuntu6.5 amd64 +initramfs-tools-core 0.136ubuntu6.5 all -intel-microcode 3.20201110.0ubuntu0.20.04.2 amd64 +intel-microcode 3.20210216.0ubuntu0.20.04.1 amd64 -isc-dhcp-client 4.4.1-2.1ubuntu5.20.04.1 amd64 -isc-dhcp-common 4.4.1-2.1ubuntu5.20.04.1 amd64 +isc-dhcp-client 4.4.1-2.1ubuntu5.20.04.2 amd64 +isc-dhcp-common 4.4.1-2.1ubuntu5.20.04.2 amd64 -liblz4-1 1.9.2-2 amd64 +liblz4-1 1.9.2-2ubuntu0.20.04.1 amd64 -libmysqlclient21 8.0.23-0ubuntu0.20.04.1 amd64 +libmysqlclient21 8.0.25-0ubuntu0.20.04.1 amd64 -libnetplan0 0.101-0ubuntu3~20.04.2 amd64 +libnetplan0 0.102-0ubuntu1~20.04.2 amd64 -libpam-modules 1.3.1-5ubuntu4.1 amd64 -libpam-modules-bin 1.3.1-5ubuntu4.1 amd64 -libpam-runtime 1.3.1-5ubuntu4.1 all +libpam-modules 1.3.1-5ubuntu4.2 amd64 +libpam-modules-bin 1.3.1-5ubuntu4.2 amd64 +libpam-runtime 1.3.1-5ubuntu4.2 all -libpam0g 1.3.1-5ubuntu4.1 amd64 +libpam0g 1.3.1-5ubuntu4.2 amd64 -libpolkit-gobject-1-0 0.105-26ubuntu1 amd64 +libpolkit-gobject-1-0 0.105-26ubuntu1.1 amd64 -libpq5 12.6-0ubuntu0.20.04.1 amd64 +libpq5 12.7-0ubuntu0.20.04.1 amd64 -libpython3.8 3.8.5-1~20.04.2 amd64 -libpython3.8-minimal 3.8.5-1~20.04.2 amd64 -libpython3.8-stdlib 3.8.5-1~20.04.2 amd64 +libpython3.8 3.8.5-1~20.04.3 amd64 +libpython3.8-minimal 3.8.5-1~20.04.3 amd64 +libpython3.8-stdlib 3.8.5-1~20.04.3 amd64 -libssl1.1 1.1.1f-1ubuntu2.3 amd64 +libssl1.1 1.1.1f-1ubuntu2.4 amd64 -libx11-6 2:1.6.9-2ubuntu1.1 amd64 -libx11-data 2:1.6.9-2ubuntu1.1 all +libx11-6 2:1.6.9-2ubuntu1.2 amd64 +libx11-data 2:1.6.9-2ubuntu1.2 all -lz4 1.9.2-2 amd64 +lz4 1.9.2-2ubuntu0.20.04.1 amd64 -mysql-client-8.0 8.0.23-0ubuntu0.20.04.1 amd64 -mysql-client-core-8.0 8.0.23-0ubuntu0.20.04.1 amd64 
+mysql-client-8.0 8.0.25-0ubuntu0.20.04.1 amd64 +mysql-client-core-8.0 8.0.25-0ubuntu0.20.04.1 amd64 -mysql-server 8.0.23-0ubuntu0.20.04.1 all +mysql-server 8.0.25-0ubuntu0.20.04.1 all -netplan.io 0.101-0ubuntu3~20.04.2 amd64 +netplan.io 0.102-0ubuntu1~20.04.2 amd64 -openssl 1.1.1f-1ubuntu2.3 amd64 +openssl 1.1.1f-1ubuntu2.4 amd64 -python-apt-common 2.0.0ubuntu0.20.04.4 all +python-apt-common 2.0.0ubuntu0.20.04.5 all -python3-apt 2.0.0ubuntu0.20.04.4 amd64 +python3-apt 2.0.0ubuntu0.20.04.5 amd64 -python3-distupgrade 1:20.04.32 all -python3-gdbm 3.8.5-1~20.04.1 amd64 +python3-distupgrade 1:20.04.33 all +python3-gdbm 3.8.10-0ubuntu1~20.04 amd64 -python3-yaml 5.3.1-1 amd64 -python3.8 3.8.5-1~20.04.2 amd64 -python3.8-minimal 3.8.5-1~20.04.2 amd64 +python3-yaml 5.3.1-1ubuntu0.1 amd64 +python3.8 3.8.5-1~20.04.3 amd64 +python3.8-minimal 3.8.5-1~20.04.3 amd64 -ubuntu-release-upgrader-core 1:20.04.32 all +ubuntu-release-upgrader-core 1:20.04.33 all
---
 .etckeeper | 1 +
 security/faillock.conf | 62 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 security/faillock.conf
diff --git a/.etckeeper b/.etckeeper
index f891b79..70095ba 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -1162,6 +1162,7 @@ maybe chmod 0644 'screenrc'
 maybe chmod 0755 'security'
 maybe chmod 0644 'security/access.conf'
 maybe chmod 0644 'security/capability.conf'
+maybe chmod 0644 'security/faillock.conf'
 maybe chmod 0644 'security/group.conf'
 maybe chmod 0644 'security/limits.conf'
 maybe chmod 0755 'security/limits.d'
diff --git a/security/faillock.conf b/security/faillock.conf
new file mode 100644
index 0000000..16d93df
--- /dev/null
+++ b/security/faillock.conf
@@ -0,0 +1,62 @@
+# Configuration for locking the user after multiple failed
+# authentication attempts.
+#
+# The directory where the user files with the failure records are kept.
+# The default is /var/run/faillock.
+# dir = /var/run/faillock
+#
+# Will log the user name into the system log if the user is not found.
+# Enabled if option is present.
+# audit
+#
+# Don't print informative messages.
+# Enabled if option is present.
+# silent
+#
+# Don't log informative messages via syslog.
+# Enabled if option is present.
+# no_log_info
+#
+# Only track failed user authentications attempts for local users
+# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
+# The `faillock` command will also no longer track user failed
+# authentication attempts. Enabling this option will prevent a
+# double-lockout scenario where a user is locked out locally and
+# in the centralized mechanism.
+# Enabled if option is present.
+# local_users_only
+#
+# Deny access if the number of consecutive authentication failures
+# for this user during the recent interval exceeds n tries.
+# The default is 3.
+# deny = 3
+#
+# The length of the interval during which the consecutive
+# authentication failures must happen for the user account
+# lock out is n seconds.
+# The default is 900 (15 minutes).
+# fail_interval = 900
+#
+# The access will be re-enabled after n seconds after the lock out.
+# The value 0 has the same meaning as value `never` - the access
+# will not be re-enabled without resetting the faillock
+# entries by the `faillock` command.
+# The default is 600 (10 minutes).
+# unlock_time = 600
+#
+# Root account can become locked as well as regular accounts.
+# Enabled if option is present.
+# even_deny_root
+#
+# This option implies the `even_deny_root` option.
+# Allow access after n seconds to root account after the
+# account is locked. In case the option is not specified
+# the value is the same as of the `unlock_time` option.
+# root_unlock_time = 900
+#
+# If a group name is specified with this option, members
+# of the group will be handled by this module the same as
+# the root account (the options `even_deny_root>` and
+# `root_unlock_time` will apply to them.
+# By default, the option is not set.
+# admin_group =
--
2.43.0
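Review bot: Every directive in the new security/faillock.conf is commented out, from `# dir = /var/run/faillock` down to `# admin_group =`, so the file as committed sets no lockout policy and any pam_faillock use falls back to the defaults the comments describe (deny 3, fail_interval 900, unlock_time 600). The commit changes only this file and .etckeeper, so it does not show pam_faillock being referenced from the PAM stack; confirm that before treating account lockout as active on this host. If lockout is intended, I would state the policy explicitly by uncommenting `audit`, `deny = 3` and `unlock_time = 600`, and make a deliberate choice on `even_deny_root`, since a lockable root account lets repeated failed logins deny administrative access. The default `dir` under /var/run is typically volatile, so failure records presumably do not survive a reboot, which is worth a comment next to `dir`.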