I have used OpenBSD for some time now and one of the things that I have had to work a bit on to get the way I like it, is locking the terminal upon apmd suspend. In other words locking the terminals when I close the lid. Since it is a bit of code and that I reuse it other places, I created this as a separate helper script. Thus, my ``/etc/apm/suspend``-reference is: ``` #!/bin/ksh lock.sh& sleep 3 ``` The suspend file executes every time the lid is closed. Once upon a time I probably used different sources for this, but anyways the script that I currently use are two-fold. The first part locks all xenodm sessions with xlock: ``` CMD_LOCK="xlock" # get all currently running xenodm sessions XSESSION=$(ps -axo user,ppid,args|awk '/xenodm\/Xsession/ { print $1,$2}') # lock all logged in X sessions for SESSION in "$XSESSION"; do _USER=$(echo $SESSION | cut -f1 -d' ') _PPID=$(echo $SESSION | cut -f2 -d' ') _DISPLAY=$(ps -p $_PPID -o args=|cut -d' ' -f2) su - $_USER -c "export DISPLAY=\"$_DISPLAY\" && $CMD_LOCK" & done ``` The second part of the script kills all active consoles. This is the most important part for me, since I most often lock the screen, but forget to log off the consoles. ``` # kill open console TTYs OPEN_TTYS=$(who|awk '{print $2}'|fgrep ttyC) for _TTY in $OPEN_TTYS; do T=$(echo $_TTY|sed 's/tty//'); TTY_PID=$(ps -t $T|fgrep -v COMMAND|fgrep "ksh (ksh)"|awk '{print $1}'); kill -9 $TTY_PID; done ``` Please also be aware that suspending the laptop will leave things in plaintext, in memory, so to truly be resistant to an evil maid vector you would need to power off the laptop when out of a controlled area.