This is a one-off script to solve a specific issue. Don't use this without knowing all the details!
A script to lock down a machine by denying login after 5 failed password attempts. Many of the service files in /etc/pam.d needed the same change to satisfy a requirement, so a script was hacked together to make the edit easy and consistent.
This is normally done differently, so don't use this process for a new system.
Normally this is done during the build cycle, but the script is here more for the process than for the actual need. The call sed -n '/^'$1'/ =' prints the number of every line that begins with the value of "$mylist" (passed in as $1), and get_line keeps the last of them. The second sed trick appends a new line after the last of the matching lines:
sed -i ''$line_num' a\
'"$new_line"'' $myfile
The first line ends with the "\" and has no space after it. The second line begins with a single quote ' with no space before it. The trick was the extra ' characters, which let the shell variables $line_num and $new_line be used: the sed script is usually written inside single quotes, so closing the quote immediately to reach the shell variable was the big secret. The sed call appends the line $new_line after line number $line_num.
#!/bin/bash
# This will find the last line beginning with "string" and append a defined line after it.
# If no line begins with "string", the line is added to the end of the file.
# Each variable below is named after the prefix it matches: string='new line'
auth="auth required pam_tally2.so deny=5 onerr=fail"
account="account required pam_tally2.so"
# The list holds the variable names (and line prefixes) defined above
list='auth account'
cd /etc/pam.d || exit 1
# Set line_num to the number of the last line in file $2 that begins with $1 (empty if none)
get_line() {
    line_num=$(sed -n '/^'$1'/ =' "$2" | tail -n 1)
}
# Skip the shared system* and config* files and the gnome-screensaver service
for myfile in *; do
    case $myfile in system*|config*|*gnome-screensaver*) continue ;; esac
    [ -f "$myfile" ] || continue
    for mylist in $list; do
        line_num=''
        get_line "${mylist}" "${myfile}"
        new_line=${!mylist}      # indirect expansion: the value of $auth or $account
        if [ -n "$line_num" ]; then
            sed -i ''${line_num}' a\
'"$new_line"'' "$myfile"
        else
            echo "$new_line" >> "$myfile"
        fi
    done
done
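As an added example (not the original script above), the same append-after-last-match trick wrapped in functions that run on a constructed copy of a PAM service file, so nothing under /etc/pam.d is touched; it also checks for the exact line first, so a second run does not stack duplicate pam_tally2 entries. The sample file contents and function names are assumptions for the demonstration.

```shell
#!/bin/bash
# Added example (not the original script): append a line after the last line that
# starts with a given prefix, using the same sed line-number/append trick, but on a
# constructed copy of a PAM service file. The exact-line check makes it idempotent.

# Print the number of the last line in file $2 that begins with $1 (empty if none).
last_match_line() {
    sed -n '/^'"$1"'/=' "$2" | tail -n 1
}

# Append $3 after the last line beginning with $2 in file $1; append at the end
# when nothing matches; do nothing when $3 is already present as a whole line.
append_after_last() {
    local file="$1" prefix="$2" new_line="$3" line_num
    if grep -qxF -- "$new_line" "$file"; then
        return 0
    fi
    line_num=$(last_match_line "$prefix" "$file")
    if [ -n "$line_num" ]; then
        sed -i "$line_num"' a\
'"$new_line" "$file"
    else
        printf '%s\n' "$new_line" >> "$file"
    fi
}

# Constructed sample resembling a small /etc/pam.d service file; prints its path.
make_sample() {
    local f
    f=$(mktemp)
    printf '%s\n' \
        '#%PAM-1.0' \
        'auth     required   pam_env.so' \
        'auth     sufficient pam_unix.so' \
        'auth     required   pam_deny.so' \
        'session  required   pam_limits.so' > "$f"
    echo "$f"
}

# Run both inserts twice on a fresh sample and show the result (no duplicates).
demo() {
    local f
    f=$(make_sample)
    for _ in 1 2; do
        append_after_last "$f" auth    'auth required pam_tally2.so deny=5 onerr=fail'
        append_after_last "$f" account 'account required pam_tally2.so'
    done
    cat "$f"
    rm -f "$f"
}
```

Because the new line lands after the last existing auth line, inspect the resulting stack: a requisite pam_deny.so ahead of it stops the stack on failure before the tally runs, and Linux-PAM 1.5.0 removed pam_tally2 in favour of pam_faillock, so the module line itself differs on current systems.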