UNIX Hints & Hacks
Chapter 3: Security
When away from your screen, clear and lock it up.
Flavors: AT&T, BSD
Syntax:
clear
Try to get into the habit of clearing the screen or terminal as often as possible. The clear command looks up your terminal in the termcap or terminfo entry to find out how to erase the contents of the screen attached to that particular tty terminal device. Set up an alias so the screen can be cleared at a moment's notice. Control-K is a good character, but you can use anything.
alias ^k clear
If you are away from your terminal and access your system remotely, you can still clear any of the terminal device sessions that are open, as long as you are the owner of that device. This is done by redirecting the output of the clear command to the device. To find the current device you are typing in, use the tty command.
rocket 1% tty
/dev/ttyq1
rocket 2% clear > /dev/ttyq1
To see a complete list of who is using which tty devices on the system, use the who command.
rocket 1% who
victor ttyq0 Sep 29 18:09
gloria ttyq1 Sep 29 20:53
kate ttyq2 Sep 29 22:04
paul ttyq4 Sep 4 13:26
scott ttyq6 Sep 28 10:59
Taking this one step further, a simple script can collect all the terminal devices that you are using and send a clear signal to erase the screen associated with each device. The script could be called clearall.
#! /bin/sh

who | grep "^$USER " | awk '{print $2}' | while read tty
do
    clear > "/dev/$tty"
done
Line 1: Set up the shell to be used.
Line 3: Find out who is on the system, pick out the entries for the user running the script and collect all her open tty devices, and then begin going through each one.
Line 5: Clear the terminal device for each one in the list collected.
Line 6: The script continues until the list has been fully processed.
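Selecting your sessions from who output with a plain substring grep on the login name also picks up other users whose names contain it, and the loop then writes to whatever device name comes out. The following is an added example, not code from the book, that matches the user field exactly and checks each device before clearing it; the function names and the scotty sample line are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the book): clear only ttys that are really yours.

# Constructed sample of `who` output; the "scotty" line is made up to show
# what a substring match on "scott" would wrongly include.
sample_who() {
    cat <<'EOF'
victor   ttyq0   Sep 29 18:09
gloria   ttyq1   Sep 29 20:53
scott    ttyq6   Sep 28 10:59
scotty   ttyq7   Sep 29 09:12
EOF
}

# Loose form: any line containing the name anywhere is selected.
loose_ttys() {
    grep "$1" | awk '{print $2}'
}

# Strict form: the first field must equal the login name exactly.
my_ttys() {
    awk -v user="$1" '$1 == user { print $2 }'
}

# Succeed only if the argument is a character device that the current
# user owns and can write to.
safe_to_clear() {
    [ -c "$1" ] && [ -O "$1" ] && [ -w "$1" ]
}

# Clear every tty of the current user that passes the checks above and
# report anything that was skipped on stderr.
clear_my_ttys() {
    user=${LOGNAME:-$USER}
    who | my_ttys "$user" | while read -r tty
    do
        dev=/dev/$tty
        if safe_to_clear "$dev"; then
            clear > "$dev"
        else
            echo "skipped $dev" >&2
        fi
    done
}
```

To use it, save the functions in a script whose last line calls clear_my_ttys.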
Rather than clearing a single terminal session with a keystroke, all the windows could be cleared from a single Control-K keystroke.
alias ^k clearall
Flavor: AT&T, BSD
Shell: sh, ksh
Syntax:
xlock
If you plan to leave any terminals unattended for a period of time and there is a window manager running on the console, lock the console with xlock. Before windowing environments arrived in the PC world, policies dictated that all users log out of their computers when away from the desk. This was mandatory. With the introduction of window-based environments on PCs, company policies are changing to locking. It is always safer and more secure to log out whenever possible, though.
Because xlock is just a process running on the computer, it is possible to kill the process remotely and gain access to the account. This really isn't a good thing.
The whole point here is to keep your information and data secure, hidden, and protected from others in the best possible way.
After leaving a boring, strict, computing environment, I entered into a position as a senior UNIX administrator in a very trusted environment. The definition of trusted in this place was that everyone trusted everyone, and nothing was a secret on the computers. Screens were meant to be unlocked and usable by all if needed.
One day when I was installing software on a system, I went to lunch while the 100MB software package was installing. Like a good administrator, I locked the terminal (mistake #1) so no one would disturb the software being loaded. I never left a note (mistake #2). Because the screen was locked, I figured no one would touch the keyboard. When I returned, the system was sitting at the PROM level and the machine wouldn't boot. After asking around the room, I was told that if there was nothing on the screen, nothing is going on and they thought they could do anything they wanted to the box. So they hit the power button, because they couldn't get past the locked screen.
The software made kernel modifications during the install and the system could not successfully recover from the crash. I was forced to rebuild the OS. Although clearing the screen and locking it up is always good, each environment has to be evaluated on an individual basis. I learned it the hard way, on a Friday afternoon.
Man pages:
clear, xlock
© Copyright Macmillan USA. All rights reserved.