Increase security by Locking Admin screen/console

Posted on in Categories News last updated January 31, 2006

This is especially useful for Linux/BSD/Unixish system which have multiple users with access to the console. One user may lock his or her session while still allowing other users to use the system on other virtual consoles. If desired, the entire console may be locked and virtual console switching disabled. This is really a good idea to lock your workstation which is use to control other servers in your network environment. Both FreeBSD and Linux support locking the screen option. Generally, KDE and Gnome include a locking feature. The idea is very simple secure your terminal from unwanted people.

Shell variables to auto-logout
Almost all-modern shell support some sort of auto logout option. Under BASH you need to use TMOUT variable. You can setup TMOUT in seconds, bash terminates after waiting for that number of seconds if input does not arrive. For example if you setup TMOUT 60 seconds:

$ export TMOUT=60

So, if no input (command typed) arrived it will terminate shell with following message:
timed out waiting for input: auto-logout

You can add TMOUT to your shell configuration file ~/.bash_profile file.

However, I liked tcsh shell (the default shell under FreeBSD) autologout variable. Genral syntax is as follows:
$ set autologout = (VAL1 VAL2)

VAL1 : The number of minutes of inactivity before automatic logout
VAL2 : The number of minutes of inactivity before automatic locking will take place this is optional.
For example, you can set autologout as follows.

$ set autologout = (5 10)

You can add autologout to your shell configuration file ~/.cshrc OR ~/.tcshrc.

Using vlock under Linux to lock screen
vlock is a program to lock one or more sessions on the Linux consol. Install it using apt-get or yum:

# apt-get install vlock

OR if you are a Fedora user

# yum install vlock

Now to lock your console or screen just type vlock command at shell prompt:

$ vlock

This TTY is now locked.
Please enter the password to unlock.
jadmins's Password:

Using lock command under FreeBSD/OpenBSD
The lock command requests a password from the user, reads it again for verification and then will normally not relinquish the terminal until the password is repeated.

$ lock

lock: /dev/ttyp0 on timeout in 15 minutes.
time now is Tue Jan 31 20:46:14 IST 2006

See also:

2 comment

  1. It would be neat to combine the tcsh or bash timeout feature to engage the vlock function so you wouldnt’ loose your cwd, history, etc… but would have the safety of having the shell require a password if the timeout was exceeded.

    That’s my Christmas Wish :)

  2. thanks a lot Vivek, Please let us know how to use like the Ctrl + L option in windows
    We would be thankful to you

Leave a Comment