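        # self_destruct
        exit
    fi
    # Count consecutive failed logins for the pi user.
    # Variables are quoted because PAM_USER is whatever was typed at the login prompt.
    if [ "$PAM_USER" = "pi" ]; then
        if [ -f "$COUNTFILE" ]; then
            FAILCOUNT=$(cat "$COUNTFILE")
            ((FAILCOUNT++))
            if [ "$FAILCOUNT" -ge "$MAXFAIL" ]; then
                # self_destruct
                exit
            else
                echo "$FAILCOUNT" > "$COUNTFILE"
            fi
        else
            # First recorded failure: create the counter file.
            echo "1" > "$COUNTFILE"
        fi
    fi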
There are three comments in the previous script that work as
safety pins to prevent you from accidentally deleting your home
directory or the script itself. Remove them once you understand
how the script works.
• The TRIGGER_USER variable holds the username that will trigger an
immediate wipe of the home directory. Note that this should not be a
real user account on the system.
• The MAXFAIL variable sets the number of failed login attempts in a
row by the pi user that triggers a wipe of the home directory.
• The COUNTFILE variable holds the path to a text file that will be used
to keep track of the number of failed login attempts by the pi user.
• The self_destruct function is where all the action is. It deletes
and recreates the pi user's home directory and erases a few traces
of eCryptfs.
• The PAM_USER variable is passed to our script from the pam_exec.so
module that started our script. It contains the name that was entered
at the login prompt and failed to authenticate.
• If the user that failed to log in was our TRIGGER_USER, then start the
self_destruct sequence.
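
The counting logic described in the list above, as an added example that is not the book's script: a dry-run function (nothing is deleted) that quotes the login name and validates the counter file before doing arithmetic on it. The names record_failure and self_destruct_dry_run and the sample values are assumptions.

```shell
#!/bin/sh
# Added example (dry run): the failed-login counter, with input validation.
# TRIGGER_USER, MAXFAIL and COUNTFILE follow the page; the values are constructed.
TRIGGER_USER="${TRIGGER_USER:-lockdown}"             # constructed, not a real account
MAXFAIL="${MAXFAIL:-3}"
COUNTFILE="${COUNTFILE:-/tmp/pam_failcount.example}" # constructed path

# Hypothetical stand-in for self_destruct: only reports, deletes nothing.
self_destruct_dry_run() {
    echo "WIPE"
}

# record_failure NAME  (NAME is what pam_exec.so would pass in PAM_USER)
# Prints WIPE, IGNORED, or the new failure count for the pi user.
record_failure() {
    user=$1
    # Quoted comparisons: the name is typed at the login prompt and may
    # be empty or contain spaces and glob characters.
    if [ "$user" = "$TRIGGER_USER" ]; then
        self_destruct_dry_run
        return 0
    fi
    if [ "$user" != "pi" ]; then
        echo "IGNORED"
        return 0
    fi

    count=0
    if [ -f "$COUNTFILE" ]; then
        # Read one line and accept only 0-99; anything else (empty file,
        # text, leading zeros that would parse as octal) restarts at 0.
        IFS= read -r count < "$COUNTFILE" || true
        case $count in
            [0-9]|[1-9][0-9]) ;;
            *) count=0 ;;
        esac
    fi
    count=$((count + 1))
    if [ "$count" -ge "$MAXFAIL" ]; then
        self_destruct_dry_run
    else
        echo "$count" > "$COUNTFILE"
        echo "$count"
    fi
}
```

Restarting at 0 on a corrupt counter file is a design choice of this example; it matches the page's script, which starts at 1 when the file does not exist.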
 