Autolog

Killing Idle Users - Autolog

Note:

This is the README file for Kyle Bateman's Autolog 0.35 modified for SCO OpenServer.
A SCO port of autolog is available as either a binary distribution or as source.

Autolog is a version of autologout (idleout-mcm) modified by me to allow a more detailed configuration file, and to accept command line parameters. According to David Dickson, the code originally came from the "Wizard's Grabbag" from the May 1990 Unix World. He ported the code essentially unchanged.

Mike Mitchell added some code to read a file "/etc/autologout.exempt" listing those users which should not be subject to auto logout.

My system required a little more complex approach. I wanted some users to be logged off more aggressively than others. I wanted my own sessions to remain on line only if they existed on certain ports. I also wanted users coming in over the net to be subject to a little different idle time than other users.

After doing version 0.20, several people wrote with various additions and patches. The problem was that the original syntax of the autolog.conf file was a bit limiting and it was hard to work in too many additional features without making a big fat mess. With the new, improved format of the configuration file, I should be able to accomodate many more future features.

The configuration file consists of multiple lines, each of which describes a class of processes subject (or not subject) to a certain auto logout procedure. A line consists of any number of switches. Value switches are of the form: "name=value". Boolean switches are of the form: "name" or "noname". Here are some example lines:

   name=root line=tty[1-7] idle=0
   name=guest idle=5 grace=60 nomail hard warn
   group=lynx-.* idle=10 grace=60 clear
   idle=60 grace=30

Using these switches, you can define a username, a group, and a tty line. These descriptions can contain wildcard characters (regular expressions). You can also define an idle time, a grace period and a few other options. When reading the configuration file, the program creates a record for each configuration line. A value is assigned to each variable in the record regardless of whether or not you specify one explicitly. Values for missing variables are provided by defaults which are compiled in and can be modified from the command line.

If no configuration file is found, the program will create a single entry which has all values set from the defaults. This entry will match any process on any port (name=.+ line=.+ group=.+). Therefore, the default action is to kill all processes.

The values which can be set for each entry are as follows:

name= A regular expression specifying which username(s) to match.
group= A regular expression specifying which group(s) to match.
line= A regular expression specifying which tty line(s) to match. Omit the "/dev/" part of the special name.
idle= An integer specifying the number of minutes of idle (or connect) time to allow before beginning automatic logoff. An idle time of 0 exempts the process from automatic logoff.
grace= An integer specifying the number of seconds from the initial warning to killing the process.
hard A boolean value indicating total connect time will be considered rather than idle time.
mail A boolean value indicating that mail will be sent to the user explaining that he was killed.
clear A boolean value indicating that the screen will be cleared before a warning message is sent.
warn A boolean value indicating that a warning message will be sent at the beginning of the "grace" period.
log A boolean value indicating that activities will be logged to the logfile (if it exists).

Once configured, the program reads the utmp file, entry by entry. The username for each 'user process' is compared to the entries in the configuration file. The first entry to match both the name, the group, and the tty line of the process will be used to conduct the automatic logout.

If no entries are found matching a given process, that process will be spared from an untimely demise. Therefore, it is a good idea to always have a "cleanup" line at the end of the configuration file to catch anything that might have been missed by the more explicit definitions. Since the default name, group, and line are all ".+", a simple line like:

   idle=30

will do. Actually, any one switch can be specified on the line and all the others will get the default values.

See the sample file autolog.conf for an example configuration.

Installation Instructions:

If desired, edit the defaults in autolog.c such as D_IDLE, D_GRACE, D_MAIL, etc. (This is generally not necessary).
If you want the binary to land somewhere besides /usr/local/bin, edit the Makefile accordingly.
Type 'make install'.
Copy autolog.conf to /usr/local/etc and then edit it to make the changes needed by your system. (See the instructions above.)
Wait until the system has a bunch of idle processes. Run "autolog -d -n |less" and examine the output to see that the desired processes are going to "get the axe." If it looks good, try running "autolog -d" to make sure. When you're happy with your configuration file, setup cron.
In your Crontab file place a line that invokes autolog about every few minutes, such as:
```
   
      0,10,20,30,40,50 * * * * /usr/local/bin/autolog
```
On my system cron only runs the process at night. This way, users sessions stay on uninterrupted during the workday. I use the lines:
```
      0 20 * * * /usr/local/bin/autolog
      0 22 * * * /usr/local/bin/autolog
```

COMMAND LINE PARAMETERS:

-a (all processes) Print information on ALL utmp entries--not just user processes.
-d (debug mode) This is helpful in setting up your configuration file. The program runs in foreground rather than forking and it prints out verbose messages about what it is doing.

-n (nokill) Use this to prevent autolog from actually "killing" anyone. Use -d and -n together when setting up a new configuration file.
-f config_file_name Use this to override the default: "/usr/local/etc/autolog.conf"
-l log_file_name Use this to override the default: "/var/log/autolog.log"
Note that if this file doesn't exist, no logging will happen. Create the file (with touch) to enable logging.
-t idle_time Use this to override the internal default idle time (minutes)
-g grace_period Use this to override the internal default grace period (seconds)
-m yes/no Use this to override the internal mailing switch. If "yes" the program will send mail to the users right after killing them.
-c yes/no Use this to override the internal "pre-clear" switch. If "yes" the program will clear the terminal screen before warning the user.
-w yes/no If set to "no" no warning message will be printed to processes about to be killed.
-h yes/no Do timeouts based on total session time--not idle time. (hard)
-L yes/no If set to "yes" activities will be written to the logfile if present.

Bugs/Caveats:

The utmp file seems to only hold 8 characters worth of login name. If your login name is shorter than this, note that autolog may only see the first 8 characters. This is screwing up the group search function too. This shouldn't be too hard to fix. I'll just have to derive the real login name from the pid or something...
There is a feature that would be very helpful that autolog doesn't have yet. The ppp program generally creates a login process which is seen by autolog. The problem is that network activity does not change the idle time on the tty controlled by ppp. So there is no way (with the existing code) for autolog to know if the network link has gone idle for a period of time (it appears idle all the time--no matter what happens.
So your choices are this: You can leave ppp out of your "autolog strategy" in which case it will look like an idle shell and will get killed. Or, you can put it in the configuration file with an exemption (idle=0) in which case it will never get killed no matter what.
If someone knows where I can snoop in the OS (in a portable way) to find out how long its been since a ppp login passed any network traffic, I would add a ppp switch to be used for this purpose.

CHANGES:

0.2: Added 'hard' logout feature. Several bug fixes.
0.21: Added 'pre-clear' option.
0.30: Rewrote the configuration file parser. Added group matching and the "nowarn" option. Rewrote/cleaned up almost the whole program.
0.31: Fixed bug with searching for group. If the group could not be found from the username, the program would segmentation fault. Hopefully fixed.
0.32: re_exec seems to have a bug that dumps core in some cases. I rewrote the pat_match routine to not use it. Both versions of pat_match are included with an #ifdef.
0.33: Nov 1996 Fixed bug in logging routine. When writing to log file, the program could crash. Also more careful check for non-existent processes.
0.34: Dec 1996 Added man pages (thanks to Christoph Lameter). Some login processes didn't twiddle the "last access" time when a user first logged in. Checked to see if last access was older than login time to rule out such problems.
0.35: Oct 1998 fixed segfault error (Thanks to Thomas Gray). fclose(log) was being called even when the logfile hadn't been opened.

Have fun knocking off those 'delinquent' users! And don't let the power go to your head...

Kyle Bateman
kyle@actarg.com

Comments and suggestions always welcome - tom@tkrh.demon.co.uk

name=	A regular expression specifying which username(s) to match.
group=	A regular expression specifying which group(s) to match.
line=	A regular expression specifying which tty line(s) to match. Omit the "/dev/" part of the special name.
idle=	An integer specifying the number of minutes of idle (or connect) time to allow before beginning automatic logoff. An idle time of 0 exempts the process from automatic logoff.
grace=	An integer specifying the number of seconds from the initial warning to killing the process.
hard	A boolean value indicating total connect time will be considered rather than idle time.
mail	A boolean value indicating that mail will be sent to the user explaining that he was killed.
clear	A boolean value indicating that the screen will be cleared before a warning message is sent.
warn	A boolean value indicating that a warning message will be sent at the beginning of the "grace" period.
log	A boolean value indicating that activities will be logged to the logfile (if it exists).

-a	(all processes)	Print information on ALL utmp entries--not just user processes.
-d	(debug mode)	This is helpful in setting up your configuration file. The program runs in foreground rather than forking and it prints out verbose messages about what it is doing.
-n	(nokill)	Use this to prevent autolog from actually "killing" anyone. Use -d and -n together when setting up a new configuration file.
-f	config_file_name	Use this to override the default: "/usr/local/etc/autolog.conf"
-l	log_file_name	Use this to override the default: "/var/log/autolog.log" Note that if this file doesn't exist, no logging will happen. Create the file (with touch) to enable logging.
-t	idle_time	Use this to override the internal default idle time (minutes)
-g	grace_period	Use this to override the internal default grace period (seconds)
-m	yes/no	Use this to override the internal mailing switch. If "yes" the program will send mail to the users right after killing them.
-c	yes/no	Use this to override the internal "pre-clear" switch. If "yes" the program will clear the terminal screen before warning the user.
-w	yes/no	If set to "no" no warning message will be printed to processes about to be killed.
-h	yes/no	Do timeouts based on total session time--not idle time. (hard)
-L	yes/no	If set to "yes" activities will be written to the logfile if present.