thoughts/data/apm-lock.md

I have used OpenBSD for some time now and one of the things that I
have had to work a bit on to get the way I like it, is locking the
terminal upon apmd suspend. In other words locking the terminals
when I close the lid.

Since it is a bit of code and that I reuse it other places, I
created this as a separate helper script. Thus, my
``/etc/apm/suspend``-reference is:

```
#!/bin/ksh

lock.sh&
sleep 3
```

The suspend file executes every time the lid is closed.

Once upon a time I probably used different sources for this, but
anyways the script that I currently use are two-fold. The first
part locks all xenodm sessions with xlock:

```
CMD_LOCK="xlock"

# get all currently running xenodm sessions
XSESSION=$(ps -axo user,ppid,args|awk '/xenodm\/Xsession/ { print
$1,$2}')

# lock all logged in X sessions
for SESSION in "$XSESSION"; do
  _USER=$(echo $SESSION | cut -f1 -d' ')
  _PPID=$(echo $SESSION | cut -f2 -d' ')
  _DISPLAY=$(ps -p $_PPID -o args=|cut -d' ' -f2)
  su - $_USER -c "export DISPLAY=\"$_DISPLAY\" && $CMD_LOCK" &
done
```

The second part of the script kills all active consoles. This is
the most important part for me, since I most often lock the
screen, but forget to log off the consoles.

```
# kill open console TTYs
OPEN_TTYS=$(who|awk '{print $2}'|fgrep ttyC)
for _TTY in $OPEN_TTYS; do
  T=$(echo $_TTY|sed 's/tty//');
  TTY_PID=$(ps -t $T|fgrep -v COMMAND|fgrep "ksh (ksh)"|awk '{print $1}');
  kill -9 $TTY_PID;
done
```

Please also be aware that suspending the laptop will leave things
in plaintext, in memory, so to truly be resistant to an evil maid
vector you would need to power off the laptop when out of a
controlled area.
initial migration 2024-08-05 18:24:56 +00:00			`I have used OpenBSD for some time now and one of the things that I`
			`have had to work a bit on to get the way I like it, is locking the`
			`terminal upon apmd suspend. In other words locking the terminals`
			`when I close the lid.`

			`Since it is a bit of code and that I reuse it other places, I`
			`created this as a separate helper script. Thus, my`
			``/etc/apm/suspend``-reference is:

			```
			`#!/bin/ksh`

			`lock.sh&`
			`sleep 3`
			```

			`The suspend file executes every time the lid is closed.`

			`Once upon a time I probably used different sources for this, but`
			`anyways the script that I currently use are two-fold. The first`
			`part locks all xenodm sessions with xlock:`

			```
			`CMD_LOCK="xlock"`

			`# get all currently running xenodm sessions`
			`XSESSION=$(ps -axo user,ppid,args\|awk '/xenodm\/Xsession/ { print`
			`$1,$2}')`

			`# lock all logged in X sessions`
			`for SESSION in "$XSESSION"; do`
			`_USER=$(echo $SESSION \| cut -f1 -d' ')`
			`_PPID=$(echo $SESSION \| cut -f2 -d' ')`
			`_DISPLAY=$(ps -p $_PPID -o args=\|cut -d' ' -f2)`
			`su - $_USER -c "export DISPLAY=\"$_DISPLAY\" && $CMD_LOCK" &`
			`done`
			```

			`The second part of the script kills all active consoles. This is`
			`the most important part for me, since I most often lock the`
			`screen, but forget to log off the consoles.`

			```
			`# kill open console TTYs`
			`OPEN_TTYS=$(who\|awk '{print $2}'\|fgrep ttyC)`
			`for _TTY in $OPEN_TTYS; do`
			`T=$(echo $_TTY\|sed 's/tty//');`
			`TTY_PID=$(ps -t $T\|fgrep -v COMMAND\|fgrep "ksh (ksh)"\|awk '{print $1}');`
			`kill -9 $TTY_PID;`
			`done`
			```

			`Please also be aware that suspending the laptop will leave things`
			`in plaintext, in memory, so to truly be resistant to an evil maid`
			`vector you would need to power off the laptop when out of a`
			`controlled area.`