LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-08-2016, 01:27 PM   #1
Liinuksi
LQ Newbie
 
Registered: Aug 2016
Posts: 4

Rep: Reputation: Disabled
Securing the console by forcing log off regardless of application running


Problem: Linux console is left "open" (=user logged on), running an application like emacs, less - whatever. How to force the user to log off after certain time of inactivity no matter what the user is doing on the console? Setting shell timeout is not the solution because it does not work if an application is running - and this "timeout solution" is something all my searches tend to find.

The user should be logged out regardless being a root or non-root user. Log out nicely (like the shell timeout) or less nicely (like killing the login shell) is acceptable - forgetting the console unlocked after office hours is not acceptable. Console login cannot be completely forbidden either.

I am thinking of something like when the console is blanked after inactivity, could this be used to trigger something to log out all console sessions? Or could this be implemented via a cron job which would check at certain time intervals the inactivity?
 
Old 08-08-2016, 01:34 PM   #2
ihaveavirus
LQ Newbie
 
Registered: Jul 2016
Distribution: RHEL
Posts: 22

Rep: Reputation: Disabled
You can set the TMOUT variable and that will log off a user from the console after a period of inactivity. Its calculated in seconds, so if you want the timeout to be 5 minutes, 300 should be the number you use.

Last edited by ihaveavirus; 08-08-2016 at 01:36 PM.
 
Old 08-08-2016, 01:53 PM   #3
Liinuksi
LQ Newbie
 
Registered: Aug 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
As I wrote, the shell timeout does not work if the user is running for example emacs. Not only does it allow using the application currently running, CTRL-Z and you have shell access. I need a way to terminate the console session of an idle user automatically no matter what application is running.
 
Old 08-08-2016, 02:18 PM   #4
ihaveavirus
LQ Newbie
 
Registered: Jul 2016
Distribution: RHEL
Posts: 22

Rep: Reputation: Disabled
Quote:
Originally Posted by Liinuksi View Post
Problem: Linux console is left "open" (=user logged on), running an application like emacs, less - whatever. How to force the user to log off after certain time of inactivity no matter what the user is doing on the console? Setting shell timeout is not the solution because it does not work if an application is running - and this "timeout solution" is something all my searches tend to find.

The user should be logged out regardless being a root or non-root user. Log out nicely (like the shell timeout) or less nicely (like killing the login shell) is acceptable - forgetting the console unlocked after office hours is not acceptable. Console login cannot be completely forbidden either.

I am thinking of something like when the console is blanked after inactivity, could this be used to trigger something to log out all console sessions? Or could this be implemented via a cron job which would check at certain time intervals the inactivity?
Too much coffee today, my apologies with all the edits. Do your users use SSH? You can set the client timeout to whatever you want. This will terminate any SSH traffic after a given period of inactivity. The ClientAliveInterval is the setting you want to adjust in your server's sshd config file to a set number of seconds and then set the ClientAliveCountMax to 0. This will ensure a user's login get terminated as soon as the ClientAliveInterval is reached.

Last edited by ihaveavirus; 08-08-2016 at 03:05 PM.
 
Old 08-11-2016, 03:37 PM   #5
Liinuksi
LQ Newbie
 
Registered: Aug 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
SSH is not the problem - in fact those connections I do NOT want to terminate. Since it looks like there is nothing reliable and ready made for this, I wrote a script to list tty users, then read their last activity time from /dev/ttyX and then run that in cron.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Forcing RH9 to automatically log in obsolete123 Linux - Newbie 2 07-10-2007 02:43 PM
Disabling direct console login: forcing su nitinatindore Linux - Security 4 05-09-2007 12:10 AM
Forcing close a application that is not responding Jim28 Linux - Software 3 09-24-2006 11:55 AM
Setting DSL for autologin and forcing a better resolution on console stormrider_may DamnSmallLinux 4 02-06-2006 03:42 AM
Securing the Console glock19 Linux - Software 10 05-01-2003 06:47 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration