My development and testing webserver is used by over 100s of users. These users login from Windows XP, Linux, Mac OS X system via ssh. How do I set or automatically log users out after a period of inactivity under CentOS Linux server to improve server security and save some resources?
You can configure any Linux system to automatically log users out after a period of inactivity. Simply login as the root user and create a file called /etc/profile.d/autologout.sh, enter::
# vi /etc/profile.d/autologout.sh
Append the following code:
TMOUT=300 readonly TMOUT export TMOUT
Save and close the file. Set permissions:
# chmod +x /etc/profile.d/autologout.sh
Above script will implement a 5 minute idle time-out for the default /bin/bash shell. You can also create tcsh version as follows:
# vi /etc/profile.d/autologout.csh
Append the following code:
set -r autologout 5
Save and close the file. Set permissions, enter:
# chmod +x /etc/profile.d/autologout.csh
Dealing with ssh clients
SSH allows administrators to set an idle timeout interval. After this interval has passed, the idle user will be automatically logged out. Open /etc/ssh/sshd config file, enter:
# vi /etc/ssh/sshd config
Find ClientAliveInterval and set to 300 (5 minutes) as follows:
ClientAliveInterval 300 ClientAliveCountMax 0
Save and close the file. Restart sshd:
# service sshd restart
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- My 10 UNIX Command Line Mistakes
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
- Email FAQ to a friend
- Download PDF version
- Printable version
- Comment RSS feed
- Last Updated: 02/24/09
{ 6 comments… read them below or add one }
nice tip
Good tips .. :-)
while date ; do sleep 10 ; done
or
watch -n 10 date
;)
i wont hardware networking /linux /ccna
We wanted something a bit more user explicit (log out idle users but not the boss(s)). The list of users below are exempt. Set this script in crontab to run every 10 minutes. With an idle of time of 30, the idled sessions will be no more than 39 minutes idle.
Here is our script;
#! /usr/bin/awk -f BEGIN { system("who -u | sort +5 > /tmp/loginfile"); system("echo User Sessions Killed > /tmp/killedlogins"); system("echo `date` >> /tmp/killedlogins"); while (getline = 1) || (timearray[2] >= 30)) && ($1 != "root") && ($1 != "user2") && ($1 != "user2") && ($1 != "user4") && ($1 != "lastuser")) { { system("ps -ef | grep " $1 " | awk '{print $2}' | xargs kill -KILL"); print $1, "[Idle " $6 "] Session terminated from " $8 >> "/tmp/killedlogins"; }; }; }; }@MikeM
Thanks for sharing your script.