Secure Resume From Sleep
- This script will shutdown your PC if nobody enters the correct password after resume from sleep withing 40 seconds
- At the moment it will only work with KDE
- Copy it to /etc/pm/sleep.d/securesume.sh and make it executable
Update
pm-utils scripts do not longer get executed when resuming a system from sleep, see here: https://bugzilla.redhat.com/show_bug.cgi?id=904221
systemctl help systemd-suspend.service:
Immediately before entering system suspend and/or hibernation systemd-suspend.service (and the other mentioned units, respectively) will run all executables in /usr/lib/systemd/system-sleep/ and pass two arguments to them. The first argument will be “pre”, the second either “suspend”, “hibernate”, or “hybrid-sleep” depending on the chosen action. Immediately after leaving system suspend and/or hibernation the same executables are run, but the first argument is now “post”. All executables in this directory are executed in parallel, and execution of the action is not continued before all executables finished.
On newer systems copy it to /usr/lib/systemd/system-sleep/.
#!/bin/sh
# replace kscreenlocker with the screenlocker of your Desktop Environment, maybe gnome-screensaver
#locker=kscreenlocker
locker=kscreenlocker_greet #KDE 4.10
log() { logger -t securesume "$@"; echo "$@"; }
case "$1" in
hibernate|suspend|pre)
# do something before hibernate or suspend
;;
thaw|resume|post)
# do the following after resume from sleep
# check if the screenlocker is running, else shutdown
sleep 1s
if [[ ! $(pidof $locker) ]]; then
log "screenlocker not active, will now halt"
/sbin/shutdown -h now
else
log "screenlocker active, now you have to unlock it"
fi
# turn the PC off if the screen in not unlocked within 40 seconds
sleep 60s
# check if the screenlocker is running, else shutdown
if [[ ! $(pidof $locker) ]]; then
#if [ "$output" = "$noscreensaver" ]; then
log "logged in, nothing to do"
else
log "no login within 40 seconds, will now halt"
/sbin/shutdown -h now
fi
;;
*)
log "argument missing or wrong argument, usage: ./securesume.sh resume"
;;
esac
Download the script: securesume.sh