-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
246 lines (190 loc) · 9.46 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
Autolog 0.35
Autolog is a version of autologout (idleout-mcm) modified by me to allow
a more detailed configuration file, and to accept command line parameters.
According to David Dickson, the code originally came from the "Wizard's
Grabbag" from the May 1990 Unix World. He ported the code essentially
unchanged.
Mike Mitchell added some code to read a file "/etc/autologout.exempt"
listing those users which should not be subject to auto logout.
My system required a little more complex approach. I wanted some
users to be logged off more aggressively than others. I wanted my own
sessions to remain on line only if they existed on certain ports.
I also wanted users coming in over the net to be subject to a little
different idle time than other users.
After doing version 0.20, several people wrote with various additions
and patches. The problem was that the original syntax of the autolog.conf
file was a bit limiting and it was hard to work in too many additional
features without making a big fat mess. With the new, improved format
of the configuration file, I should be able to accomodate many more
future features.
The configuration file consists of multiple lines, each of which describes
a class of processes subject (or not subject) to a certain auto logout
procedure. A line consists of any number of switches. Value switches are
of the form: "name=value". Boolean switches are of the form: "name" or
"noname". Here are some example lines:
name=root line=tty[1-7] idle=0
name=guest idle=5 grace=60 nomail hard warn
group=lynx-.* idle=10 grace=60 clear
idle=60 grace=30
Using these switches, you can define a username, a group, and a tty line.
These descriptions can contain wildcard characters (regular expressions).
You can also define an idle time, a grace period and a few other options.
When reading the configuration file, the program creates a record for each
configuration line. A value is assigned to each variable in the record
regardless of whether or not you specify one explicitly. Values for
missing variables are provided by defaults which are compiled in and can
be modified from the command line.
If no configuration file is found, the program will create a single
entry which has all values set from the defaults. This entry will match
any process on any port (name=.+ line=.+ group=.+). Therefore, the default
action is to kill all processes.
The values which can be set for each entry are as follows:
name=
A regular expression specifying which username(s) to match.
group=
A regular expression specifying which group(s) to match.
line=
A regular expression specifying which tty line(s) to match.
Omit the "/dev/" part of the special name.
idle=
An integer specifying the number of minutes of idle
(or connect) time to allow before beginning automatic logoff.
An idle time of 0 exempts the process from automatic logoff.
grace=
An integer specifying the number of seconds from the initial
warning to killing the process.
hard
A boolean value indicating total connect time will be
considered rather than idle time.
mail
A boolean value indicating that mail will be sent to the
user explaining that he was killed.
clear
A boolean value indicating that the screen will be cleared
before a warning message is sent.
warn
A boolean value indicating that a warning message will be
sent at the beginning of the "grace" period.
log
A boolean value indicating that activities will be logged
to the logfile (if it exists).
Once configured, the program reads the utmp file, entry by entry. The
username for each 'user process' is compared to the entries in the
configuration file. The first entry to match both the name, the group,
and the tty line of the process will be used to conduct the automatic
logout.
If no entries are found matching a given process, that process will be
spared from an untimely demise. Therefore, it is a good idea to always
have a "cleanup" line at the end of the configuration file to catch
anything that might have been missed by the more explicit definitions.
Since the default name, group, and line are all ".+", a simple line like:
idle=30
will do. Actually, any one switch can be specified on the line and all the
others will get the default values.
See the sample file autolog.conf for an example configuration.
Installation Instructions:
1. If desired, edit the defaults in autolog.c such as
D_IDLE, D_GRACE, D_MAIL, etc. (This is generally not
necessary).
If you want the binary to land somewhere besides
/usr/sbin, edit the Makefile accordingly.
2. Type 'make install'.
3. Copy autolog.conf to /etc and then edit it to make the
changes needed by your system. (See the instructions
above.)
4. Wait until the system has a bunch of idle processes.
Run "autolog -d -n |less" and examine the output to see
that the desired processes are going to "get the axe."
If it looks good, try running "autolog -d" to make sure.
When you're happy with your configuration file, setup cron.
5. In your Crontab file place a line that invokes
autolog about every few minutes, such as:
0,10,20,30,40,50 * * * * /usr/sbin/autolog
On my system cron only runs the process at night.
This way, users sessions stay on uninterrupted during the
workday. I use the lines:
0 20 * * * /usr/sbin/autolog
0 22 * * * /usr/sbin/autolog
0 1 * * * /usr/sbin/autolog
COMMAND LINE PARAMETERS:
-a (all processes) Print information on ALL utmp entries--not just
user processes.
-d (debug mode) This is helpful in setting up your configuration file.
The program runs in foreground rather than forking and it prints
out verbose messages about what it is doing.
-n (nokill) Use this to prevent autolog from actually "killing"
anyone. Use -d and -n together when setting up a new
configuration file.
-f config_file_name
Use this to override the default: "/etc/autolog.conf"
-l log_file_name
Use this to override the default: "/var/log/autolog.log"
Note that if this file doesn't exist, no logging will happen.
Create the file (with touch) to enable logging.
-t idle_time
Use this to override the internal default idle time (minutes)
-g grace_period
Use this to override the internal default grace period (seconds)
-m yes/no
Use this to override the internal mailing switch. If "yes"
the program will send mail to the users right after killing them.
-c yes/no
Use this to override the internal "pre-clear" switch. If "yes"
the program will clear the terminal screen before warning the user.
-w yes/no
If set to "no" no warning message will be printed to processes
about to be killed.
-h yes/no
Do timeouts based on total session time--not idle time. (hard)
-L yes/no
If set to "yes" activities will be written to the logfile if
present.
Bugs/Caveats:
- The utmp file seems to only hold 8 characters worth of login name.
If your login name is shorter than this, note that autolog may only
see the first 8 characters. This is screwing up the group search
function too. This shouldn't be too hard to fix. I'll
just have to derive the real login name from the pid or something...
- There is a feature that would be very helpful that autolog doesn't have
yet. The ppp program generally creates a login process which is seen
by autolog. The problem is that network activity does not change the
idle time on the tty controlled by ppp. So there is no way (with the
existing code) for autolog to know if the network link has gone idle for
a period of time (it appears idle all the time--no matter what happens.
So your choices are this: You can leave ppp out of your
"autolog strategy" in which case it will look like an idle shell and will
get killed. Or, you can put it in the configuration file with an
exemption (idle=0) in which case it will never get killed no matter what.
If someone knows where I can snoop in the OS (in a portable way) to find
out how long its been since a ppp login passed any network traffic, I
would add a ppp switch to be used for this purpose.
CHANGES:
- 0.2:
Added 'hard' logout feature. Several bug fixes.
- 0.21:
Added 'pre-clear' option.
- 0.30:
Rewrote the configuration file parser. Added group matching and the
"nowarn" option. Rewrote/cleaned up almost the whole program.
- 0.31:
Fixed bug with searching for group. If the group could not be found
from the username, the program would segmentation fault. Hopefully fixed.
- 0.32:
re_exec seems to have a bug that dumps core in some cases. I rewrote
the pat_match routine to not use it. Both versions of pat_match are
included with an #ifdef.
- 0.33: Nov 1996
Fixed bug in logging routine. When writing to log file, the program
could crash. Also more careful check for non-existent processes.
- 0.34: Dec 1996
Added man pages (thanks to Christoph Lameter).
Some login processes didn't twiddle the "last access" time when a user
first logged in. Checked to see if last access was older than login
time to rule out such problems.
- 0.35: Oct 1998
fixed segfault error (Thanks to Thomas Gray). fclose(log) was being
called even when the logfile hadn't been opened.
Have fun knocking off those 'delinquent' users! And don't let the power
go to your head...
Kyle Bateman