Recording last authentication

I wanted a way to be able to determine roughly how long it had been since a user had been active. I defined active to mean that the user had had to authenticate onto a system. This is so that a box on which the user had logged in has gone into screen lock, and the user has then authenticated again to the display manager.

I used the audit log of auditd to detect when a user has authenticated to a display manager. Auditd comes installed on Fedora, but I had to install it on the ubuntu boxes.

I wrote a script “lastauthentication” which takes a username, and an optional switch for the type of output to generate:

  • -t last authentication as a timestamp
  • -d last authentication as a formatted date
  • -s time since last authentication in seconds as an integer
  • -f time since last authentication formatted
  • -r record the time since last authentication for this user on this box to tarragon

I installed that script in the /usr/local/bin on oregano, cinnamon, lemongrass and paprika.

On oregano and cinnamon, I updated the backup scripts so that they perform the script with -r flag for user dee during the night. On lemongrass (laptop) often the lid is closed so I put in a cron to update tarragon with the -r flag every hour,  so if I have the laptop on for at least an hour it will record. I also used cron on paprika (the kodi box), but for user “tv” instead of user “dee”. Here I used a cron because paprika doesn’t run a backup script.

What the -r flag does is simply record the -t timestamp of last authentication into a file, and transfer that file to tarragon in the /root/lastauthentication directory under the name of the box, e.g. oregano, cinnamon etc. So the directory /root/lastauthentication will have a file containing a timestamp for each box.

Then I wrote another script on tarragon, called mostrecentauth, also installed in /usr/local/bin. This script runs on tarragon  from cron and it checks the lastauthentication directory to find out the last time that user dee authenticated to any of his computers. If there has been no authentication on any computer for more than 2 days, including no logon to the kodi computer to watch tv, then there might be something wrong, I’m either dead or am unexpectedly in the hospital, or I’ve been abducted by aliens. If the script detects no logon for MAXDAYS (currently set to 2), then it sends both and email and a text to a selected person (currently my sister) to suggest she might want to call and see if I’m still kicking.