增加用户登陆失败多少次后锁定用户多久的配置（还没写完）

#!/bin/bash
# 通过脚本提示，设置ssh用户登录次数和失败次数限制
# 需要系统本身带pam_tally2，没有对这个做检查
function add_policy(){
    echo "登录失败多少次锁定(输入一个数字)："
    while true
    do
        read deny_time
        if [[ -n $(echo "${deny_time}"|grep -Eo '^[1-9]([0-9]+|)$') ]]
        then
            break
        else
            echo "请输入一个正整数。"
        fi
    done
    echo "触发失败次数后锁定时间(输入一个数字)："
    while true
    do
        read deny_duration
        if [[ -n $(echo "${deny_duration}"|grep -Eo '^[1-9]([0-9]+|)$') ]]
        then
            break
        else
            echo "请输入一个正整数。"
        fi
    done
    cmd="auth required pam_tally2.so deny=${deny_time} lock_time=${deny_duration}"
    echo "是否锁定root（Y/N）。"
    while true
    do
        read deny_root
        if [[ ${deny_root} == 'Y' ]] || [[ ${deny_root} == 'y' ]]
        then
            echo "root触发失败次数后锁定时间(输入一个数字)："
            while true
            do
                read root_deny_duration
                if [[ -n $(echo "${root_deny_duration}"|grep -Eo '^[1-9]([0-9]+|)$') ]]
                then
                    cmd="${cmd} even_deny_root root_unlock_time=${root_deny_duration}"
                    break
                else
                    echo "请输入一个正整数。"
                fi
            done
            break
        elif [[ ${deny_root} == 'N' ]] || [[ ${deny_root} == 'n' ]]
        then
            break
        else
            echo "请输入Y或者N"
        fi
    done
    echo "当前配置为："
    echo ${cmd}
    echo "是否更新配置（Y/N）"
    while true
    do
        read add_flag
        if [[ ${add_flag} == 'Y' ]] || [[ ${add_flag} == 'y' ]]
        then
            ts=$(date +%Y%m%d%H%M%S)
            echo "备份配置文件 /etc/pam.d/sshd 到 /etc/pam.d/sshd.bak.${ts}"
            cp -a /etc/pam.d/sshd /etc/pam.d/sshd.bak.${ts}
            sed -n '1,1p' /etc/pam.d/sshd.bak.${ts} > /etc/pam.d/sshd.tmp
            echo "${cmd}" >> /etc/pam.d/sshd.tmp
            sed -n '2,$p' /etc/pam.d/sshd.bak.${ts} >> /etc/pam.d/sshd.tmp
            cat /etc/pam.d/sshd.tmp > /etc/pam.d/sshd
            echo "更新完毕，当前配置为："
            cat /etc/pam.d/sshd
            exit 0
        elif [[ ${add_flag} == 'N' ]] || [[ ${add_flag} == 'n' ]]
        then
            exit 0
        else
            echo "请输入Y或者N"
        fi
    done
}
# function edit_policy(){
    
# }
# function delete_policy(){
# }
pam_tally2_exist=$(which pam_tally2 &>/dev/null ; echo $?)
if [[  -f /etc/pam.d/sshd ]]
then
    line_cnt=$(cat /etc/pam.d/sshd |grep -v '#' |grep pam_tally2.so|wc -l)
    # 如果没有配置就增加
    if [[ 10#${line_cnt} -eq 0 ]]
    then
        echo "当前没有配置，是否增加配置（Y/N）。"
        add_flag=''
        while true
        do
            read add_flag
            if [[ ${add_flag} == 'Y' ]] || [[ ${add_flag} == 'y' ]]
            then
                break
            elif [[ ${add_flag} == 'N' ]] || [[ ${add_flag} == 'n' ]]
            then
                exit 0
            else
                echo "请输入Y或者N"
            fi
        done
        add_policy
    # 如果有配置就修改
    # elif [[ 10#${line_cnt} -eq 1 ]]
    # then
    # 其他
    # else
        # add_policy
    fi
    # todo: 解锁等
fi