#!/bin/bash

. /usr/lib/common-criteria/scripts/libcc

trap "cc_exec_log rm -f /etc/login.defs.$$" 0 1 2 3 15
# setting umask to restrictive value
# this setting is picked up by pam_umask
cc_exec_log cp -af /etc/login.defs /etc/login.defs.$$
cc_exec_log sed -i '/^UMASK/s/[0-9]\+/077/;/^PASS_MAX_DAYS/s/[0-9]\+/60/;/^PASS_MIN_DAYS/s/[0-9]\+/1/' /etc/login.defs.$$
cc_replace /etc/login.defs.$$ /etc/login.defs
cc_echo "login.defs configured"

cc_exit 0
