
login_monitor for the brave
Copyright (C) 2003 by Tim Niemueller <tim@niemueller.de>
Website: http://www.niemueller.de/software/perl/loginmonitor/

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.


Ever had that really bad feeling when you were at a friend and
ssh'ed home to <put-your-favorite-remote-app-here> and then
you forgot to logout and your friend can put those noisy
HACKED.txt files in your home, or maybe even all over the
machine when it was a root account!?

Then you really should consider using this script.

It checks every 3 minutes for users who are idle for more than
five minutes. If it finds such users it kills their shells and
kicks them from the system ("log them out").
You can define an ignore string that will be used on the from
field (last field that you see in who if there are remote
users). For example you can put there yourBIGcorp.com as
ignore if you have a valid reverse lookup for your IPs. Then
users from the (assumably) local network won't get kicked.
By default there is no logging but you can turn syslog logging
on with the -s flag.
Just call "login_monitor --help" for all flags.

This software is not meant to be a "solution" but it is meant
to be a starting point.
Since you have the source you can implement your policies with
it. I guess if you want to use this you already know that...

There is no installation needed. Just run the software. It
needs Perl (tested with 5.6) and some Perl modules which
should all be in the standard distro.


Tim Niemueller
Aachen, 2003/05/13

