Merge pull request #30 from 34N0/distribution

build: add deb & rpm packages

Cargo.toml

@@ -3,8 +3,8 @@ members = ["xtask"]
 
 [package]
 name = "pam-authramp"
-version = "0.1.0"
-description = "A PAM module for implementing ramping up delay on authentication failures."
+version = "0.3.0"
+description = "The AuthRamp PAM module provides an account lockout mechanism based on the number of authentication failures."
 authors = ["34n0 <34n0@immerda.ch>"]
 license = "GPL-3.0"
 publish = false
@@ -27,3 +27,18 @@ tempfile = "3.8.1"
 users = "0.11.0"
 log = "0.4"
 toml = "0.8.8"
+
+[package.metadata.generate-rpm]
+assets = [
+    { source = "target/release/libpam_authramp.so", dest = "/usr/lib64/security/libpam_authramp.so", mode = "755" },
+    { source = "example/system-auth/authramp.conf", dest = "/etc/security/authramp.conf", mode = "644" },
+]
+
+[package.metadata.deb]
+depends = "$auto"
+section = "utility"
+priority = "optional"
+assets = [
+    ["target/release/libpam_authramp.so", "usr/lib64/security/", "755"],
+    ["example/system-auth/authramp.conf", "/etc/security/authramp.conf", "644"],
+]

README.md

@@ -7,8 +7,22 @@ The AuthRamp PAM (Pluggable Authentication Modules) module provides an account l
 4. [Contributing](#contributing)
 
 ## Installation
-1. Copy the `libpam_authramp.so` library to the default PAM library directory. The directory varies for different distributions. For example, in current Fedora versions, the path is `/lib64/security`.
-2. Add the module library calls to the PAM service stack in `/etc/pam.d`.
+### RPM
+If you're a RPM distribution user, then then pam-authramp can be installed using a binary .rpm file provided in each [release](https://github.com/34N0/pam-authramp/releases).
+```bash
+curl -LO https://github.com/34N0/pam-authramp/releases/download/v0.3.0-alpha/pam-authramp-0.3.0-1.x86_64.rpm
+sudo rpm -i pam-authramp-0.3.0-1.x86_64.rpm
+```
+### Debian
+If you're a Debian user (or a user of a Debian derivative like Ubuntu), then pam-authramp can be installed using a binary .deb file provided in each [release](https://github.com/34N0/pam-authramp/releases).
+```bash
+curl -LO https://github.com/34N0/pam-authramp/releases/download/v0.3.0-alpha/pam-authramp_0.3.0-1_amd64.deb
+sudo dpkg -i pam-authramp_0.3.0-1_amd64.deb
+```
+### Manually
+1. Download the latest [release](https://github.com/34N0/pam-authramp/releases).
+2. Copy the `libpam_authramp.so` library to the default PAM library directory. The directory varies for different distributions. For example, in current Fedora versions, the path is `/lib64/security`.
+3. Add the module library calls to the PAM service stack in `/etc/pam.d`.
 
 Add the preauth hook before the authentication module:
 ```conf

example/system-auth/authramp.conf

@@ -4,17 +4,22 @@
 [Settings]
 # Directory where tally information is stored.
 # Each user has a separate file in this directory to track authentication failures.
-tally_dir = /var/run/authramp
+# tally_dir = /var/run/authramp
 #
 # Number of allowed free authentication attempts before applying delays.
 # During these free tries, the module allows authentication without introducing delays.
-free_tries = 6
+# free_tries = 6
 #
 # Base delay applied to each authentication failure.
 # This is the initial delay applied after the free tries are exhausted.
-base_delay_seconds = 30
+# base_delay_seconds = 30
 #
 # Multiplier for the delay calculation based on the number of failures.
 # The delay for each subsequent failure is calculated as follows:
 # delay = ramp_multiplier * (fails - free_tries) * ln(fails - free_tries) + base_delay_seconds
-ramp_multiplier = 50
+# ramp_multiplier = 50
+#
+# Even lock out the root user. Enabling this can be dangerous and may result in a total system lockout.
+# For auditing purposes, the tally will still be created for the root user, even if this setting is disabled.
+# If you plan to enable this feature, make sure there isn't any tally stored under <tally_dir>/root, or you risk immediate lockout.
+# even_deny_root = false