Fix script so that it doesn't constantly concatenate.
BUG=b/300016454
TEST=None
RELEASE_NOTE=None
cos-patch: bug
Change-Id: I884fcc6c49d5fc3af80bfe2a8d3388d5f7e8d29b
diff --git a/alphabet-compliance/scripts/5330-password-reuse-limited.sh b/alphabet-compliance/scripts/5330-password-reuse-limited.sh
index f5372eb..a2822f9 100644
--- a/alphabet-compliance/scripts/5330-password-reuse-limited.sh
+++ b/alphabet-compliance/scripts/5330-password-reuse-limited.sh
@@ -14,6 +14,16 @@
# limitations under the License.
## Section: 5.3.3 Ensure password reuse is limited (Not Scored) ##
-sed -i '0,/password/s//password required pam_pwhistory.so remember=5\n&/' \
- /etc/pam.d/system-auth
-sed -i 's/password.*pam_unix.so/& remember=5/' /etc/pam.d/system-auth
+# Check if the changes have already been made
+if ! grep -q \
+ "password[[:space:]]*required[[:space:]]*pam_pwhistory.so[[:space:]]*remember=5" \
+ /etc/pam.d/system-auth; then
+ sed -i \
+ '0,/password/s//password required pam_pwhistory.so remember=5\n&/' \
+ /etc/pam.d/system-auth
+fi
+if ! grep -q \
+ "password[[:space:]]*required[[:space:]]*pam_unix.so[[:space:]]*remember=5" \
+ /etc/pam.d/system-auth; then
+ sed -i 's/password.*pam_unix.so/& remember=5/' /etc/pam.d/system-auth
+fi