Skip to content

JKDingwall/autolog

Repository files navigation

Please see CHANGES / git history post 0.42.

Autolog 0.42

James Dingwall <james.dingwall@ncrvoyix.com> as maintainer

Autolog 0.41

The source was investigated after examining issues which occurred when
accounts with long usernames (nss_winbind DOMAIN\user) would cause
autolog to segfault.  This revealed two key issues:

- userdata string length < UT_NAMESIZE
- ps output with truncated usernames did not match pids

This revision updates string handling functions to use suitable 'n'
variants, makes user and terminal variables use UT_NAMESIZE and
UT_LINESIZE, changes the default ps command to output usernames to
32 characters to match UT_NAMESIZE;

Autolog 0.40

Autolog is a new version of autolog by Kyle Bateman (kyle@actarg.com),
modified by me (Carsten Juerges, juerges@cip-bau.uni-hannover.de) to
get the logout-warning on that terminal I worked in, last time.
Before the warning was written on the login-screen, where I
started X (startx), so it was difficult to get or to react on
this warning.

Now it is checked, which is the terminal with the shortest idle-time
and the message is displayed there. So I can react on it, there.

I put the old readme-text below the (=====)-line and added my changes
(of details) into that text. They can be found by searching for "##".

Here I just want to report about a few changes, I added to the program.

 - first of all:
	This program can run in daemon-mode or as "ordinary program".
	As ordinary program it writes "/tmp/autolog.data" when starting.
	
	So it is not necessary to keep the program in memory to
	chase sleeping users. As this file is read, when the
	program starts. If this file doesn't exist, no problem.
	It will be generated next time.
	
	See the options.
	
	If running as daemon, make sure, you don't start it
	several times e.g. by crontab.
	
	If running as ordinary program, it will stay at least
	as long in memory until all necessary kickouts are done.
	And some more time to make sure, user doesn't return
	2 minutes later. (Until als bans are over.)

 - if a user logs out, before his session-limit is reached, his limit
   will be reset. It was also possible to log in again, after being
   kicked out.
     -> fixed this. added a ban-time. (##-1)
     		    the session-limit will be reset when the banning
     		    has passed or a bit later, depends on when the
     		    daemon wakes up from sleeping.

     -> added little feature that kills forgotten processes.
	they do appear (e.g. netscape) when a user does not
	terminate netscape correctly.

     -> daemon tries to wake up a sleeping user by beeping.
	the user also gets an email, his beeping might not work.
	Email might not work on a network, don't know, could
	only test this on one network, there it worked.

     -> being idle for too long is punished with 2 Mins ban.
        Users should not be punished for being idle they
        might be thinking about the current problem. They
        deserve a little break.
        These two minutes should only stop those user who
        log in again and again to block the computer.

     -> if the user tries to login before his ban-time ends,
	he will be kicked out without any warning. He will
	be banned for the originial ban-period, again :)
	
     -> changed the "exempt-code" to idle=-1, so idle=0
     	will be useful for demonstration-purpose.	
     	
     -> the information about crontab (down in the text)
	has expired, if running this program as daemon.
	left it, because i find the hints about crontabs
	quite useful.
	
        Maybe it is useful to restart the program from time
	to time as it might have halted due to any errors.
	(via cron)

        The program should only run once on a machine. Otherwise
	the resulting user-information about being kicked out
	it might be confusing.
	
     -> Make sure to reduce the size of the log-file from time
	to time, as it is always growing when adding messages.
	The logile or at least a part of it might be useful
	to find misconfiguration or even bugs in the program.
	
     	
=======================================================================


Autolog 0.35

Autolog is a version of autologout (idleout-mcm) modified by me to allow
a more detailed configuration file, and to accept command line parameters.
According to David Dickson, the code originally came from the "Wizard's
Grabbag" from the May 1990 Unix World.  He ported the code essentially
unchanged.

Mike Mitchell added some code to read a file "/etc/autologout.exempt"
listing those users which should not be subject to auto logout.

My system required a little more complex approach.  I wanted some
users to be logged off more aggressively than others.  I wanted my own
sessions to remain on line only if they existed on certain ports.
I also wanted users coming in over the net to be subject to a little
different idle time than other users.

After doing version 0.20, several people wrote with various additions
and patches.  The problem was that the original syntax of the autolog.conf
file was a bit limiting and it was hard to work in too many additional
features without making a big fat mess.  With the new, improved format
of the configuration file, I should be able to accommodate many more
future features.

The configuration file consists of multiple lines, each of which describes
a class of processes subject (or not subject) to a certain auto logout
procedure.  A line consists of any number of switches.  Value switches are
of the form: "name=value".  Boolean switches are of the form: "name" or
"noname".  Here are some example lines:

	name=root line=tty[1-7] idle=0
	name=guest idle=5 grace=60 nomail hard warn
	group=lynx-.* idle=10 grace=60 clear
	idle=60 grace=30

Using these switches, you can define a username, a group, and a tty line.
These descriptions can contain wildcard characters (regular expressions).
You can also define an idle time, a grace period and a few other options.
When reading the configuration file, the program creates a record for each
configuration line.  A value is assigned to each variable in the record
regardless of whether or not you specify one explicitly.  Values for
missing variables are provided by defaults which are compiled in and can
be modified from the command line.

If no configuration file is found, the program will create a single
entry which has all values set from the defaults.  This entry will match
any process on any port (name=.+ line=.+ group=.+).  Therefore, the default
action is to kill all processes.

The values which can be set for each entry are as follows:

	name=
	    A regular expression specifying which username(s) to match.
	group=
	    A regular expression specifying which group(s) to match.
	line=
	    A regular expression specifying which tty line(s) to match.
	    Omit the "/dev/" part of the special name.
	idle=
	    An integer specifying the number of --minutes-- of idle
	    (or connect) time to allow before beginning automatic logoff.
	    An idle time of 0 exempts the process from automatic logoff.
	    (##) changed this to "-1" => exempts idle-time.
	         this allows short idle-time "0" for demonstrating.
	grace=
	    An integer specifying the number of --seconds-- from the initial
	    warning to killing the process.
	ban=
	    An integer specifying the number of --minutes--, the user
	    should stay away after exceeding his session-limit. (##-1)
	hard
	    A boolean value indicating total connect time will be
	    considered rather than idle time.
	mail
	    A boolean value indicating that mail will be sent to the
	    user explaining that he was killed.
	clear
	    A boolean value indicating that the screen will be cleared
	    before a warning message is sent. (##)
	    -> will only be cleared, if user is still on that screen.
	warn
	    A boolean value indicating that a warning message will be
	    sent at the beginning of the "grace" period.
	log
	    A boolean value indicating that activities will be logged
	    to the logfile (if it exists).

Additionally I added a feature for exotic ps-versions:

	ps=ps -ef
	   a ps-command, which results in one heading line
	   and lines starting with username and pid
	   e.g. "ps=ps aux" on SuSE Linux.

	lostkill
	   A boolean value indicatin whether this program should
	   kill lost processes or not. So place "nolostkill" in
	   the config-file doesn't touch them.
	   If enabled(default), this program will only kill lost
	   processes with uid between 500 and 60000. Other uids
	   (at least in some Linux dialects) belong to system
	   processes which should not be killed.
	   	
Once configured, the program reads the utmp file, entry by entry.  The
username for each 'user process' is compared to the entries in the
configuration file.  The first entry to match both the name, the group,
and the tty line of the process will be used to conduct the automatic
logout.

If no entries are found matching a given process, that process will be
spared from an untimely demise.  Therefore, it is a good idea to always
have a "cleanup" line at the end of the configuration file to catch
anything that might have been missed by the more explicit definitions.
Since the default name, group, and line are all ".+", a simple line like:

	idle=30

will do.  Actually, any one switch can be specified on the line and all the
others will get the default values.

See the sample file autolog.conf for an example configuration.

Installation Instructions:

	1.	If desired, edit the defaults in autolog.c such as
		D_IDLE, D_GRACE, D_MAIL, etc.  (This is generally not
		necessary).
		
		If you want the binary to land somewhere besides
		/usr/sbin, edit the Makefile accordingly.
	
	2.	Type 'make install'.
	
	3.	Copy autolog.conf to /etc and then edit it to make the
		changes needed by your system.  (See the instructions
		above.)
	
	4.	Wait until the system has a bunch of idle processes.
		Run "autolog -d -n |less" and examine the output to see
		that the desired processes are going to "get the axe."
		If it looks good, try running "autolog -d" to make sure.
		When you're happy with your configuration file, setup cron.
	
	5.	In your Crontab file place a line that invokes
		autolog about every few minutes, such as:
		
		0,10,20,30,40,50 * * * * /usr/sbin/autolog
		
		On my system cron only runs the process at night.
		This way, users sessions stay on uninterrupted during the
		workday.  I use the lines:

		0 20 * * * /usr/sbin/autolog
		0 22 * * * /usr/sbin/autolog
		0  1 * * * /usr/sbin/autolog
		

COMMAND LINE PARAMETERS:

    -a	(all processes) Print information on ALL utmp entries--not just
        user processes.

    -d	(debug mode) This is helpful in setting up your configuration file.
        The program runs in foreground rather than forking and it prints
        out verbose messages about what it is doing.

    -n  (nokill) Use this to prevent autolog from actually "killing"
        anyone.  Use -d and -n together when setting up a new
        configuration file.

    -o  (ordinary) Use this to start the program as ordinary
	program. Otherwise it will stay as daemon in memory.
	Good idea if you are low on memory.

    -f  config_file_name
        Use this to override the default: "/etc/autolog.conf"

    -l  log_file_name
        Use this to override the default: "/var/log/autolog.log"

        Note that if this file doesn't exist, no logging will happen.
        Create the file (with touch) to enable logging.

    -t  idle_time
        Use this to override the internal default idle time (minutes)

    -g  grace_period
        Use this to override the internal default grace period (seconds)

    -m  yes/no
        Use this to override the internal mailing switch.  If "yes"
        the program will send mail to the users right after killing them.

    -c  yes/no
        Use this to override the internal "pre-clear" switch.  If "yes"
        the program will clear the terminal screen before warning the user.

    -w  yes/no
        If set to "no" no warning message will be printed to processes
        about to be killed.

    -h  yes/no
        Do timeouts based on total session time--not idle time. (hard)

    -L  yes/no
        If set to "yes" activities will be written to the logfile if
        present.


Bugs/Caveats:
- The utmp file seems to only hold 8 characters worth of login name.
  If your login name is shorter than this, note that autolog may only
  see the first 8 characters.  This is screwing up the group search
  function too.  This shouldn't be too hard to fix.  I'll
  just have to derive the real login name from the pid or something...

- There is a feature that would be very helpful that autolog doesn't have
  yet.  The ppp program generally creates a login process which is seen
  by autolog.  The problem is that network activity does not change the
  idle time on the tty controlled by ppp.  So there is no way (with the
  existing code) for autolog to know if the network link has gone idle for
  a period of time (it appears idle all the time--no matter what happens.

  So your choices are this:  You can leave ppp out of your
  "autolog strategy" in which case it will look like an idle shell and will
  get killed.  Or, you can put it in the configuration file with an
  exemption (idle=0) in which case it will never get killed no matter what.

  If someone knows where I can snoop in the OS (in a portable way) to find
  out how long its been since a ppp login passed any network traffic, I
  would add a ppp switch to be used for this purpose.

- When this program get to another system, it sometime needs
  to be recompiled. I compiled it in SuSE 6.3 and running under
  SuSE 6.0 it gave a "segmentation fault" without recompiling.


Ideas:
- One might find out, how the "you have new mail"-message gets
  to the user and try to use this way for letting the user know
  about his coming end.
- One might think about a pop-up box when running a session
  without any terminals. At the moment this program tries to
  send an email to the user. If one selects enough idle-time,
  this should be ok.
- Maybe it is possible when this deamon starts sleeping, it
  actually terminates and gets started again after some time.
  This might save some memory when sleeping or sleeping for more
  than 5 Minutes. I assume, other deamons behave like this, too,
  but I don't know how...


Have fun knocking off those 'delinquent' users!  And don't let the power
go to your head...

Kyle Bateman
kyle@actarg.com

Be careful when playing with a daemon. Devils like
playing, but only they know all rules of their games!
A game, plaid with a devil becomes the devil's game.

Users should be informed about such a program running.
Especially users, which are kicked off without warning
might get very angry when losing several hours of work.
Keep in mind, some are running jobs over several hours.

Carsten Juerges
juerges@cip-bau.uni-hannover.de


p.s.   quoting a part of "man strtok"
       > BUGS   Never use this function.  This function modifies ...