Automatically Locking OpenBSD When Closing Lid

Tommy
May 20 2020

I have used OpenBSD for some time now, and one of the things I have had to work on a bit to get the way I like it is locking the terminal upon apmd suspend. In other words, locking the terminals when I close the lid.

Since it is a bit of code that I reuse in other places, I created it as a separate helper script. Thus, my /etc/apm/suspend-reference is:

#!/bin/ksh

lock.sh&
sleep 3

The suspend file executes every time the lid is closed.

Once upon a time I probably used different sources for this, but anyway, the script that I currently use is two-fold. The first part locks all xenodm sessions with xlock:

CMD_LOCK="xlock"

# get the user and parent PID of every running xenodm session
XSESSION=$(ps -axo user,ppid,args | awk '/xenodm\/Xsession/ { print $1,$2 }')

# lock all logged in X sessions, one "user ppid" pair per line
echo "$XSESSION" | while read -r _USER _PPID; do
  [ -n "$_USER" ] || continue   # no X session running
  # the display is taken from the second field of the parent's args
  _DISPLAY=$(ps -p "$_PPID" -o args= | cut -d' ' -f2)
  su - "$_USER" -c "export DISPLAY=\"$_DISPLAY\" && $CMD_LOCK" &
done

The second part of the script kills all active consoles. This is the most important part for me, since I most often lock the screen, but forget to log off the consoles.

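# kill open console TTYs
OPEN_TTYS=$(who | awk '{print $2}' | fgrep ttyC)
for _TTY in $OPEN_TTYS; do
  # strip the "tty" prefix, e.g. ttyC0 -> C0
  T=$(echo "$_TTY" | sed 's/tty//')
  # PID of the ksh login shell on that console
  TTY_PID=$(ps -t "$T" | fgrep -v COMMAND | fgrep "ksh (ksh)" | awk '{print $1}')
  [ -z "$TTY_PID" ] || kill -9 $TTY_PID
done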
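
A check that could run after lock.sh to confirm both parts worked, as an added example that is not part of the original post. It assumes a locked session shows up in ps as an xlock process owned by the session's user; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report what lock.sh left unlocked.

# Users owning a xenodm Xsession without an xlock process of their own.
# stdin: lines in "ps -axo user,args" format.
unlocked_x_users() {
  awk '
    /xenodm\/Xsession/               { session[$1] = 1 }
    $2 == "xlock" || $2 ~ /\/xlock$/ { locked[$1] = 1 }
    END { for (u in session) if (!(u in locked)) print u }
  ' | sort
}

# Console TTYs that still carry a login. stdin: "who" output.
open_consoles() {
  awk '$2 ~ /^ttyC/ { print $2 }' | sort -u
}

# Constructed sample input: alice's session is locked, bob's is not,
# and one console login on ttyC1 survived.
SAMPLE_PS='USER     COMMAND
alice    /bin/sh /etc/X11/xenodm/Xsession
alice    xlock
bob      /bin/sh /etc/X11/xenodm/Xsession
bob      xterm'
SAMPLE_WHO='alice    ttyp0    May 20 09:12
bob      ttyC1    May 20 09:15'

# Print findings; return 1 if anything is still unlocked.
# $1: ps output, $2: who output (live output or the samples above)
lock_state() {
  _x=$(printf '%s\n' "$1" | unlocked_x_users)
  _c=$(printf '%s\n' "$2" | open_consoles)
  [ -n "$_x" ] && echo "unlocked X session: $_x"
  [ -n "$_c" ] && echo "open console: $_c"
  [ -z "$_x$_c" ]
}

# Live use: lock_state "$(ps -axo user,args)" "$(who)"
lock_state "$SAMPLE_PS" "$SAMPLE_WHO" || echo "not fully locked"
```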

Please also be aware that suspending the laptop leaves things in plaintext in memory, so to truly be resistant to an evil maid vector you would need to power off the laptop when out of a controlled area.
