Shutdown after N invalid attempts (lockscreen + tty)

0

I've seen this question on AskUbuntu about monitoring lockscreen. However, imagine having an encrypted drive + home partition. Both are mounted and available while you are logged in.

The thing is, afaik, the number of attempts is not limited. How can I listen to unsuccessful attempts and after N tries just shut down the machine so I can prevent any further action that might target my storage via naive dictionary attack (e.g. friend/visit/...) on the lock screen?

Is there also any way for listening to unsuccessful attempts via tty? For example if someone tries to log in via tty1 twice and tty2 once (i.e. sum of all attempts 3), shutdown the machine too?

KeyWeeUsr

Posted 2019-11-18T12:37:41.330

Reputation: 238

Answers

1

There are several PAM modules which can limit the number of attempts over time, e.g. pam_tally2 is available on most Linux distributions.

You can also create custom PAM modules, either in C or by using pam_exec to run custom shell scripts. For example, if the PAM stack looks like this:

(...)
auth [success=1 new_authtok_reqd=ok default=bad] pam_unix.so
auth optional pam_exec.so /usr/local/bin/count-or-shutdown.sh
(...)

then every successful password entry will skip over the pam_exec line, but every failed login will execute it.

user1686

Posted 2019-11-18T12:37:41.330

Reputation: 283 655

Does it apply to GUI too? – KeyWeeUsr – 2019-11-18T12:59:11.933

1

As long as your GUI lockscreen actually uses PAM, yes. (If you're using a custom lockscreen like 'slock' which skips PAM and tries to do the absolute minimum amount of work, then all bets are off – if it doesn't call PAM, then it isn't going to send any other failure signal either.) – user1686 – 2019-11-18T13:03:19.433

I'll poke around to find whether my lockscreen uses PAM, but otherwise it's great! – KeyWeeUsr – 2019-11-18T13:05:17.657
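Below is an added example of what the `/usr/local/bin/count-or-shutdown.sh` script referenced in the answer's PAM stack could look like; it is not code from the answer or from any project. With the `auth [success=1 ...] pam_unix.so` line jumping over it on success, pam_exec only reaches the script on a failed password, so each run records one failure. pam_exec really does export PAM_USER, PAM_SERVICE, PAM_TTY and PAM_TYPE into the script's environment; everything else is an assumption of this example: the MAX_FAILURES / WINDOW_SECONDS / STATE_FILE / SHUTDOWN_CMD settings, the single state file (which is what makes tty1 + tty2 + lockscreen failures add up to one total, as the question asks), and the optional `reset` argument, which only does something if you add a second pam_exec line on the session stack yourself so a successful login clears the count. Two caveats a practitioner should check: pam_exec runs the script with the privileges of whatever called PAM, so for a tty login (root) writing under /var/lib and powering off just work, but a lockscreen running as the unprivileged user needs a state directory it can write and some path to `systemctl poweroff` (polkit normally allows it for an active local session; verify on your system). And the PAM stack you edit must be the one for the service the lockscreen actually opens, not necessarily `login`.

```bash
#!/bin/sh
# count-or-shutdown.sh: hypothetical pam_exec hook (added example, not the answer's code).
# Reached only when the preceding pam_unix line fails, so every run is one bad attempt.
# pam_exec exports PAM_USER, PAM_SERVICE, PAM_TTY and PAM_TYPE into the environment.

MAX_FAILURES="${MAX_FAILURES:-3}"                   # N (assumed default)
WINDOW_SECONDS="${WINDOW_SECONDS:-0}"               # 0 = count forever, else a sliding window
STATE_FILE="${STATE_FILE:-/var/lib/count-or-shutdown/failures}"   # assumed location
SHUTDOWN_CMD="${SHUTDOWN_CMD:-systemctl poweroff}"  # assumed: the caller is allowed to run this

log_failure() {
    # One line per failure: epoch seconds, user, PAM service, tty. Because every
    # service appends to the same file, attempts on tty1, tty2 and the lockscreen sum up.
    dir=$(dirname "$STATE_FILE")
    [ -d "$dir" ] || mkdir -p "$dir"
    printf '%s %s %s %s\n' "$(date +%s)" "${PAM_USER:-?}" "${PAM_SERVICE:-?}" "${PAM_TTY:-?}" >> "$STATE_FILE"
}

failure_count() {
    # Number of recorded failures, optionally only those inside the last WINDOW_SECONDS.
    [ -f "$STATE_FILE" ] || { echo 0; return 0; }
    if [ "$WINDOW_SECONDS" -gt 0 ]; then
        cutoff=$(( $(date +%s) - WINDOW_SECONDS ))
        awk -v cutoff="$cutoff" '$1 >= cutoff { n++ } END { print n + 0 }' "$STATE_FILE"
    else
        awk 'END { print NR }' "$STATE_FILE"
    fi
}

reset_counter() {
    rm -f "$STATE_FILE"
}

record_and_check() {
    # Records one failure. Returns 0 while under the limit, 1 once MAX_FAILURES is
    # reached (the counter is cleared so the next boot starts from zero).
    log_failure
    if [ "$(failure_count)" -ge "$MAX_FAILURES" ]; then
        reset_counter
        return 1
    fi
    return 0
}

main() {
    # "reset" is for an (assumed) extra line on the session stack, e.g.
    #   session optional pam_exec.so /usr/local/bin/count-or-shutdown.sh reset
    # so that a successful login clears the count.
    if [ "$1" = reset ]; then
        reset_counter
        exit 0
    fi
    # Only the auth phase corresponds to a password attempt; ignore account/session/password.
    [ "$PAM_TYPE" = auth ] || exit 0
    if ! record_and_check; then
        logger -t count-or-shutdown "${MAX_FAILURES} failed attempts (last: ${PAM_USER:-?} on ${PAM_TTY:-?}), powering off" 2>/dev/null || true
        eval "$SHUTDOWN_CMD"
    fi
    # Never return a failure to PAM: the pam_exec line is "optional" and the login already failed.
    exit 0
}

# pam_exec always sets PAM_TYPE; when the file is sourced for testing it is unset and main() is skipped.
if [ -n "$PAM_TYPE" ]; then
    main "$@"
fi
```

To try it without touching the real PAM stack, source the file in a shell, point STATE_FILE at a temporary file and SHUTDOWN_CMD at something harmless such as `touch /tmp/halted`, then call `PAM_TYPE=auth main` a few times; the state file and the script's own `failure_count` show the running total before the threshold trips.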