From f7f323b763486a76a1231760e5eaa8d42f6d772d Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 5 Aug 2017 23:13:28 +0100
Subject: [PATCH] Only change pam values when needed

---
 src/freedombone-utils-setup | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/freedombone-utils-setup b/src/freedombone-utils-setup
index fd772f62..c8bed2c4 100755
--- a/src/freedombone-utils-setup
+++ b/src/freedombone-utils-setup
@@ -458,13 +458,17 @@ function set_max_login_tries {
     if ! grep -q ' deny=' /etc/pam.d/common-auth; then
         sed -i "/pam_deny.so/a auth    required\t\t\tpam_tally.so    onerr=fail no_lock_time per_user deny=$max_tries" /etc/pam.d/common-auth
     else
-        sed -i "s| deny=.*| deny=$max_tries|g" /etc/pam.d/common-auth
+        if ! grep -q " deny=$max_tries" /etc/pam.d/common-auth; then
+            sed -i "s| deny=.*| deny=$max_tries|g" /etc/pam.d/common-auth
+        fi
     fi
 
     if ! grep -q ' deny=' /etc/pam.d/common-account; then
         sed -i '/pam_deny.so/a account required\t\t\tpam_tally.so' /etc/pam.d/common-account
     else
-        sed -i "s| deny=.*| deny=$max_tries|g" /etc/pam.d/common-account
+        if ! grep -q " deny=$max_tries" /etc/pam.d/common-account; then
+            sed -i "s| deny=.*| deny=$max_tries|g" /etc/pam.d/common-account
+        fi
     fi
 }
 
@@ -630,7 +634,9 @@ function dummy_nologin_command {
 }
 
 function disable_null_passwords {
-    sed -i 's| nullok_secure||g' /etc/pam.d/common-auth
+    if grep -q ' nullok_secure' /etc/pam.d/common-auth; then
+        sed -i 's| nullok_secure||g' /etc/pam.d/common-auth
+    fi
 }
 
 function create_usb_canary {