A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc if a user is coerced into giving a threat actor a password.
Issue resolved and tested as follows by putting a whoami script in /etc/duress.d under root ownership/execution permissions and another in ~/.duress. Addtionally a script that just echo'd "don't run me" was also put under ~/.duress but was given root ownership/execution permissions. Running sudo pam_test nuvious on the dev machine produced the following output:
The first whoami is run under /etc/duress.d and outputs root as expected. The whoami script under ~/.duress now outputs 'nuvious' instead of 'root' as is desired and required for resolution of this issue. Finally the don't run script under ~/.duress is not run.
Issue resolved and tested as follows by putting a whoami script in /etc/duress.d under root ownership/execution permissions and another in ~/.duress. Addtionally a script that just echo'd "don't run me" was also put under ~/.duress but was given root ownership/execution permissions. Running
sudo pam_test nuviouson the dev machine produced the following output:The first whoami is run under /etc/duress.d and outputs root as expected. The whoami script under ~/.duress now outputs 'nuvious' instead of 'root' as is desired and required for resolution of this issue. Finally the don't run script under ~/.duress is not run.