#!/usr/bin/env bash

files_to_check=$(awk '/Password-Type:/{ f = 1;next } /-Type:/{ f = 0 } f {if (/pam_pwhistory\.so/) print FILENAME}' /usr/share/pam-configs/*)
if [[ -z $files_to_check ]]; then
	echo "file was not  found"
else
	for file in "$files_to_check"; do
		if grep -Eq "pam_pwhistory\.so.*remember=" "$file"; then
			current_value=$(grep -Eo "remember=[0-9]+" "$file" | grep -Eo "[0-9]+")
			if [ "$current_value" -lt 24 ]; then
				exit 1
			fi
		else
			exit 1
		fi
	done
	exit 0
fi