A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc if a user is coerced into giving a threat actor a password.
At the moment there are not unit tests to ensure compatibility with linux, freebsd, etc. Also negative testing should be added to ensure that the module doesn't permit authentication attacks such as impersonation or privilege escalation. Finally there should be tests to ensure that scripts are only run if owned by the user or group the user; both positive tests and negative. Here's a list of the desired positive and negative test to implement.
Positive test for scripts in ~/.duress/*
Test with 500, 510, 550, 700, 710 & 750 # NOTE: Add support for 510 and 710 permissions.
Positive test for scripts in /etc/duress.d/*
Negative tests for improper permissions on duress scripts.
Docker files for all tests to run them under different distributions; ideally Debian, Ubuntu, BSD, CentOS/Redhat, etc.
At the moment there are not unit tests to ensure compatibility with linux, freebsd, etc. Also negative testing should be added to ensure that the module doesn't permit authentication attacks such as impersonation or privilege escalation. Finally there should be tests to ensure that scripts are only run if owned by the user or group the user; both positive tests and negative. Here's a list of the desired positive and negative test to implement.