December 13, 2011

Secure Resume From Sleep

  • This script will shutdown your PC if nobody enters the correct password after resume from sleep withing 40 seconds
  • At the moment it will only work with KDE
  • Copy it to /etc/pm/sleep.d/securesume.sh and make it executable

Update

pm-utils scripts do not longer get executed when resuming a system from sleep, see here: https://bugzilla.redhat.com/show_bug.cgi?id=904221

systemctl help systemd-suspend.service:

Immediately before entering system suspend and/or hibernation systemd-suspend.service (and the other mentioned units, respectively) will run all executables in /usr/lib/systemd/system-sleep/ and pass two arguments to them. The first argument will be “pre”, the second either “suspend”, “hibernate”, or “hybrid-sleep” depending on the chosen action. Immediately after leaving system suspend and/or hibernation the same executables are run, but the first argument is now “post”. All executables in this directory are executed in parallel, and execution of the action is not continued before all executables finished.

On newer systems copy it to /usr/lib/systemd/system-sleep/.

#!/bin/sh
# replace kscreenlocker with the screenlocker of your Desktop Environment, maybe gnome-screensaver
#locker=kscreenlocker
locker=kscreenlocker_greet #KDE 4.10

log() { logger -t securesume "$@"; echo "$@"; }

case "$1" in
    hibernate|suspend|pre)
    # do something before hibernate or suspend
    ;;
    thaw|resume|post)
    # do the following after resume from sleep
        # check if the screenlocker is running, else shutdown
        sleep 1s
        if [[ ! $(pidof $locker) ]]; then
            log "screenlocker not active, will now halt"
            /sbin/shutdown -h now
        else
            log "screenlocker active, now you have to unlock it"
        fi
        # turn the PC off if the screen in not unlocked within 40 seconds
        sleep 60s

        # check if the screenlocker is running, else shutdown
        if [[ ! $(pidof $locker) ]]; then
        #if [ "$output" = "$noscreensaver" ]; then
            log "logged in, nothing to do"
        else
            log "no login within 40 seconds, will now halt"
            /sbin/shutdown -h now
        fi
    ;;
    *)
        log "argument missing or wrong argument, usage: ./securesume.sh resume"
    ;;
esac

Download the script: securesume.sh

Posted by Christian Jann
Filed under: English
Tags: Script, Bash, Fedora, KDE, Security