People often ask me what Clobberd is. I usually have difficulty as it is so many different things. Well, here it is. It's not the best definition, but it's the best one I can think of:
Clobberd is a system utility used to monitor users and provide system capabilities that normal Un*x systems don't.
Following are some current users of Clobberd:
Stormfront Technologies (stormfront.com.au) Users buy hours of use, from 10 hours to 50 hours, with a daily time of 2 hours per day. Users have to use all their time before month end, and time doesn't accrue across months.
Downunder Internet Services (dayworld.net.au) Users buy access quarterly. Their accounts expire quarterly. Their session limits are 4 hours. After 4 hours, they are logged off, but can log back in again.
? (vhf.nano.bc.ca) Users get 7 hours a week. They can consume those hours whenever they like over a given week.
Clobberd 3.x is a hierarchical client/server system. It is designed this way so that it can monitor users over a network, not just on one system (Nb/ 1.x and 2.x could only monitor users on the single machine). It does this with TCP/IP internetworking.
In this model, there are two basic types of programs: the Master, which is the repository of user information, and the Monitors, which actually monitor the users, warn them, kick them off, etc.
Each user will have a Monitor. Monitors will be entered in place of the /bin/shell entries in the /etc/passwd file. The Monitors will do pretty much what the old version of clobberd (2.x) did: each one monitors its given user.
The purpose of Master is to keep collective information about users so that it can be used by Monitors regardless of where they are on the Internet (although, you would typically use it within your network).
Each Monitor will attach itself to the Master. Once it's attached, all updates from other Monitors will be ignored. The Monitor will then monitor the user according to the info it downloaded from that Master, send any updated info back to that Master, and then unattach itself. This attachment locking is necessary so that only one client can update a user's details at once.
If a Monitor dies (or gets schizophrenia) while locked, the Master will time its active out after 4 times the Monitor's sleep time. For clobberedit-3.x sessions attached to the Master, the timeout is an hour.
Given the unreliability of networking, the main philosophy behind the Monitor is that even if it loses contact with the Master, it will still continue to function, and simply update its details with the Master whenever it can.
The Things that the Monitors Monitor
[new] - Monitors the activity of user sessions. If the user is dormant, then they get disconnected.
- Monitors the Total Time a user has been online for, against a Total Time Limit.
- Monitors the Daily Time a user has been online for, against a Daily Time limit determined by a Time Zone list [new] that specifies Daily Time Limits for different times of the day and week.
[new] - Checks that a user's account hasn't expired past an expiry date.
- Sets the user's niceness.
[new] - Monitors Total Network traffic and makes sure the user hasn't exceeded any limits.
[new] - Monitors Daily Network traffic and makes sure the user hasn't exceeded any limits.
[new] - If enabled, forbids multiple logins.
[new] - Checks to see if a user is banned.
The really really really really detailed way it works..
Ok, now I'm going to just hit you with it. This is what each Monitor does:
1- First of all, the Monitor talks to the Master, and gets user information.
..then it will do some "once off" things:
2- If the Clobber multiple Dialins flag is set, then flash user and disconnect.
3- Check if user has exceeded expiry date. If so, then flash user and disconnect.
4- Then it will set the Set Daily Time Limit for the user's session. This is determined by the Time Zone Table for the user, which sets out different Daily Time Limits for different times of the day and week. This allows you to have special Daily Time Limits for, say, weekends, a certain day, or a time range in a day.
5- If the Instant Purge Daily Time flag is set, then it will clear the Daily Time used for the user. This enables a user to log straight back on when their Daily Time Limit is exceeded.
..then we do our "run of the mill" things..
6- If the User is or becomes banned, then the Monitor will flash and disconnect the user.
7- The Master checks if the user has exceeded their Total Time Limit. If so, then user is flashed, given a grace time, and then disconnected.
8- The Master then checks if the user has exceeded their Set Daily Time limit (this Set Daily Time limit was set according to the Time Zone table in Step 4). If so, then the user is flashed, given a grace period and then disconnected. If the Minimum Free Dialins flag is set, and if the number of free (unused) tty (modem) lines out of your dialin pool (specified in the etc/clobberd.boot file) is greater than or equal to the Minimum Free Dialins Threshold, then the user won't get disconnected.
9- Then it checks the total network transfer, upload, and download limits of the user (if they are using a data link). If they have exceeded any of these, then the user is flashed, graced and disconnected.
10- Then the same is done for Daily network transfers, uploads and downloads.
11- Then, finally, if the user has been dormant longer than the active time, then they will be flashed and disconnected (that's if the OT exemption flag isn't set).
12- The Monitor then notifies the Master of any updates, and detaches itself.
Nb/ If the user hasn't got any user settings (ie, it's a first time user), then the Master will create settings for this user from the default settings.
Leaders and followers
When a user has more than one connection (ie, they have more than one Monitor running), then a Leader Monitor is determined (the oldest running session). Leaders are the only ones that can update (increment) Daily and Total Time. As you can imagine, if all the user's Monitors incremented the time values, then their time usage would quickly dwindle.
clobberd/etc/clobberd.boot
This is the configuration file that all programs read before execution. It sets various settings that are impractical to set in the Remote Maintenance editor.
In this file, there are a number of directives that need to be set. These are "addr:", "port:", "recv_to:", "encry_key:", "shell:", "dshell:", "sendmail:", "add_net:", "tty_owner:" and "add_tty:"
The "addr:" and "port:" directives are address and port number details of the Master host. The address must be an IP name (ie dayworld.net.au). "recv_to:" is a timeout value for a system function that is used by the programs to receive data from a port. You can leave this value alone.
The "encry_key:" is a 56 character Blowfish Encryption key (see below). Note, this key can be any permutation of characters, but it must fill out 56 characters of data. If you don't do this, then your clients will be unable to connect to the Master.
The "shell:" and "dshell:" specifies the shell paths that the Monitors will execute. Typically, "shell:" will be "/bin/bash", and "dshell:" will be "/usr/sbin/pppd".
The "sendmail:" directive specifies the path of the sendmail program.
The "add_net:" entries specify Allowed Network addresses. These are read by the Master. If a connecting Client isn't a part of these addresses, then it is ignored. Note that the addresses must be IP numbers.
Typical entries will be:
add_net: 127.0.0.1 - for the local loop back.
add_net: 203.23.37.0 - for an entire "C" class network.
add_net: 203.23.37.2 - for a single machine.
You can have up to 16 of these entries.
The Allowed Networks list is just another little security feature that will prevent this service being externally attacked.
If you want to use the Minimum Free Dialins leniency feature, then you have to set the following settings:
When you see a login prompt, a getty or telnetd process is running on that terminal (ie, your screen or window). The terminal is owned by someone (even though you haven't logged on yet), and it is usually owned by "root" and sometimes owned by "uucp" depending on how your system is set up. Set "tty_owner:" to this owner.
To specify your dialin pool, use a set of "add_tty:" entries.
ie
add_tty: S0 - for /dev/ttyS0
add_tty: C10 - for /dev/ttyC10
The Minimum Free Dialins leniency feature reads these tty devices to determine if they are being used or not.
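The rules above for clobberd.boot (a 56 character key, an IP name for "addr:", IP numbers and at most 16 entries for "add_net:") can be checked before the Master is started. The following is an added example, not part of Clobberd or of the original manual; it assumes one "directive: value" pair per line and assumes that an entry ending in .0 matches the whole "C" class while any other entry matches a single machine, as the typical entries suggest.

```python
import ipaddress

KEY_LEN = 56    # "encry_key:" must fill out exactly 56 characters
MAX_NETS = 16   # at most 16 "add_net:" entries

# Constructed sample file with three deliberate mistakes.
SAMPLE_BOOT = "\n".join([
    "addr: 203.23.37.1",           # wrong: must be an IP name
    "port: 4000",                  # constructed value
    "encry_key: " + "k" * 55,      # wrong: one character short
    "add_net: 127.0.0.1",
    "add_net: 203.23.37.0",
    "add_net: gw.example.net",     # wrong: must be an IP number
    "tty_owner: root",
    "add_tty: S0",
])


def _ipv4(text):
    """Return an IPv4Address, or None if text is not a dotted IP number."""
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:
        return None


def parse_boot(text):
    """Collect directives; add_net and add_tty may repeat."""
    conf = {"add_net": [], "add_tty": []}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip(), value.strip()
        if name in ("add_net", "add_tty"):
            conf[name].append(value)
        else:
            conf[name] = value
    return conf


def lint(conf):
    """Return a list of problems that would lock clients out or widen access."""
    problems = []
    key = conf.get("encry_key", "")
    if len(key) != KEY_LEN:
        problems.append(f"encry_key has {len(key)} characters, needs {KEY_LEN}")
    if _ipv4(conf.get("addr", "")) is not None:
        problems.append("addr must be an IP name, not an IP number")
    if len(conf["add_net"]) > MAX_NETS:
        problems.append(f"more than {MAX_NETS} add_net entries")
    for net in conf["add_net"]:
        if _ipv4(net) is None:
            problems.append(f"add_net {net!r} is not an IP number")
    return problems


def client_allowed(conf, client):
    """Assumed matching rule: x.y.z.0 covers the "C" class, else exact host."""
    ip = _ipv4(client)
    if ip is None:
        return False
    for net in conf["add_net"]:
        entry = _ipv4(net)
        if entry is None:
            continue
        if int(entry) & 0xFF == 0:
            if int(ip) >> 8 == int(entry) >> 8:
                return True
        elif ip == entry:
            return True
    return False
```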
Schneier-Blowfish Encryption..
Clobberd uses an encryption method called Blowfish, which is a DES derivative. It's been taken from the "Algorithm Alley" article in the Dr. Dobb's Journal Sept 95 edition, by Bruce Schneier.
It's a very secure algorithm. I don't have the article on me, but tests proved that it was uncrackable. I think some guy could crack it up to the 3rd pass (out of 16), whereas a DES key can be cracked within a few hours with special dedicated hardware.
I've forgotten most of the intrinsics about the man and his algorithm, so I'll shut up about it. If you want more information on this algorithm, then it's probably best if you contact him personally at schneier@counterpane.com.
Anyway, all data packets that are communicated between the Master and Monitor have a little field called the poser field. When a packet goes out from a source program, it composes the poser field from data in the packet and encrypts it.
When the destination program receives the packet, it will decrypt the poser field and match it with the data in the packet. If they don't match, then we know that the packet comes from an impostor, and hence is ignored.
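The poser check described above, shown from both the sending and the receiving side. This is an added example, not Clobberd's code: the packet layout (data followed by an 8 byte poser), the use of a truncated SHA-256 as the "data in the packet", and the 16 round Feistel cipher standing in for Blowfish are all assumptions made so the sketch runs with the Python standard library alone.

```python
import hashlib
import hmac
import struct

KEY_LEN = 56    # length the manual requires for "encry_key:"
POSER_LEN = 8   # one 64-bit cipher block, which is Blowfish's block size


def _f(key, rnd, half):
    """Stand-in round function (NOT Blowfish's F): 32 bits of SHA-256."""
    digest = hashlib.sha256(key + bytes([rnd]) + struct.pack(">I", half)).digest()
    return struct.unpack(">I", digest[:4])[0]


def _crypt(key, block, rounds):
    """Generic Feistel network over one 64-bit block."""
    left, right = struct.unpack(">II", block)
    for rnd in rounds:
        left, right = right, left ^ _f(key, rnd, right)
    return struct.pack(">II", right, left)


def encrypt_block(key, block):
    return _crypt(key, block, range(16))


def decrypt_block(key, block):
    return _crypt(key, block, reversed(range(16)))


def _check_key(key):
    if len(key) != KEY_LEN:
        raise ValueError(f"key must be {KEY_LEN} bytes, got {len(key)}")


def seal(key, data):
    """Sender: compose the poser from the packet data, encrypt it, append it."""
    _check_key(key)
    summary = hashlib.sha256(data).digest()[:POSER_LEN]
    return data + encrypt_block(key, summary)


def accept(key, packet):
    """Receiver: return the data if the decrypted poser matches, else None."""
    _check_key(key)
    if len(packet) < POSER_LEN:
        return None
    data, poser = packet[:-POSER_LEN], packet[-POSER_LEN:]
    expected = hashlib.sha256(data).digest()[:POSER_LEN]
    # Constant-time comparison so the check does not leak how many bytes matched.
    if hmac.compare_digest(decrypt_block(key, poser), expected):
        return data
    return None
```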
clobberd/sbin/clobberd-3.x
This is the Master. It's straightforward in operation. You just run it. If you run it without the "-!" option, then logs are appended to the clobberd/spool/log/clobberd.log file. If you run it with the "-!" option, then Clobberd-3.x runs like a normal program, and logs are printed to the screen.
clobberd/sbin/testing-3.x
This is just a test program. All it does is attach itself to the Master, get all user settings and the actives list, detach and display this information.
clobberd/sbin/clobbersh-3.x
This is the Monitor program. It is used in place of the pppd or bash entry in the users passwd file.
This program will talk to the Master, update the user information, flash and disconnect (send a SIGHUP signal to the shell and end) as required.
clobbersh-3.x has two command line parameters:
-s Run the program defined in the "shell:" directive of the clobberd.boot file.
-d Run the program defined in the "dshell:" directive of the clobberd.boot file.
clobberd/sbin/clobberpurge-3.x
This program is used in the crontab table to do a Midnight reset, or to Print an EOP and purge all user settings.
A detailed note on how to do this is outlined in the INSTALL readme file, but for the sake of this being a complete user manual, I'll repeat it..
- To do a Midnight reset at 12:00am, add this line to your crontab:
0 0 * * * /usr/sbin/clobberpurge-3.0 -m >/dev/null
If you want crontab to email you the output of clobberpurge then remove the ">/dev/null" bit.
Midnight reset clears all users' Daily Time, Daily Transfer, Daily Uploads and Daily Downloads Monitors.
- To Print an EOP Report (located in ./clobberd/spool/reports/eop.report) and Purge all users' total settings on the 1st of each month, add this line.
0 0 1 * * /usr/sbin/clobberpurge-3.0 -p >/dev/null
With any luck, Total Time and Total Network Transfers will be cleared, and a report will be produced.
clobberd/sbin/clobberstat-3.x
clobberstat-3.x prints a table of each user's settings and monitor values.
The table headers are a little bit ambiguous, so we'll run through them..
The (fixed) Settings...
N           Type of Notification. E = Email, T = a TTY flash
TT          Total Time
DZ          Logged in Time Zone, which corresponds to the user's Daily Time Zone table.
SetDT       The Set Daily Time Limit determined at login time, according to the user's Time Zone table.
ExpiryDate  The user's Expiry Date
Nic         The user's set Niceness
TTranL      The Total Network Transfer Limit
TULL        The Total Network Upload Limit
TDLL        The Total Network Dnload Limit
DTranL      The Daily Network Transfer Limit
DULL        The Daily Network Upload Limit
DDLL        The Daily Network Dnload Limit
I           Instant Daily Time Purge flag (Y if set, N if not set)
C           Clobber multiple sessions flag (Y if set, N if not set)
The Monitor settings..
TTUsed      Total Time used
DTUsed      Daily Time used
TTran       Total Network Transfers
TUL         Total Network Uploads
TDL         Total Network Dnloads
DTran       Daily Network Transfers
DUL         Daily Network Uploads
DDL         Daily Network Dnloads
B           Banned flag (Y if banned, N if not set)
LastA       Line/terminal Last used (in hh:mm)
The various "*" mean that the user is exempt from those monitorings.
Typically you would run it in a shell that encapsulates it in HTML code, like the one provided in clobberd/cgi-bin.
You can add colour, add a flashy heading, and some images if you want to, or you could go one step further and write a script to totally customise the output. Be imaginative!
clobberd/sbin/clobberedit-3.x
Clobberedit-3.x is the remote maintenance editor. It's basically the central control program that can connect to the Master and change settings. You can also monitor users with it too.
Once you get the general feel of it, everything becomes obvious. What I'll do is describe the windows and dialogs, and what the different things do etc.
When you run clobberedit-3.x, you are presented with the following menu:
+---------Main Menu----------+
|View/Change General Settings|
|View/Change User Settings   |
|Monitor Users               |
|Force a Midnight reset      |
|Print Report and Purge Users|
|Kill the Master and quit    |
|Quit                        |
+----------------------------+
The first three menu items will be described. The rest are pretty obvious from their descriptions.
View/Change General Settings
If we select the View/Change General Settings menu item, it will connect to the Master and download the General (global) settings. The following box will then display:
+--------------------View/Change General Settings---------------------+
|System Name               : No Name                                 *|
|System Domain Address     : localhost                                |
|Admin Email Address       : root@localhost                           |
|Run Level                 : Verbose                                  |
|Sleep time of mont (mm:ss): 0:30                                     |
|Message Grace (mm:ss)     : 5:00                                     |
|Min Free Dialins(DT Exmpt): Exempt                                   |
|User Activity T/O (hh:mm) > Exempt                                   |
|Master Save Time (hh:mm)  > 0:15                                     |
|Bg top bar colour         : BLUE                                     |
|Fg top bar colour         : WHITE                                    |
|Bg dialog border colour   : RED                                      |
|Fg dialog border colour   : WHITE                                    |
|Bg dialog colour          : RED                                      |
|Fg dialog colour          : YELLOW                                   |
|Bg window border colour   : BLUE                                     |
+---------------------------------------------------------------------+
Whenever clobberedit-3.x is attached to the Master, you will notice an [Attached] notice in the bottom right hand side of the screen. This means that this remote maintenance program is attached (locked on to) the Master. The Master has our complete attention and will only accept data packets from us. No other Monitor, purger or stat displayer can access the Master. The Menu items View/Change General Settings and View/Change User Settings are the only functions that will allow you to permanently attach yourself to the Master.
Just be aware of this, and don't stay in these areas longer than you have to.
In the event that you do accidentally forget to go back out, or that the clobberedit-3.x program dies in the middle of this function (and the Master is still locked on), then it will time out this attachment after an hour, hence allowing other Monitors to access the Master.
Ok, from the top..
System Name is the name you want to call the Master (typically your ISP name).
..To change a field, hit enter and type in the appropriate format.
System Domain Address is the email domain. If no override email address is set for a user, then users will be emailed at this email domain. To change it, hit enter, type in the new string, then hit enter again.
Admin Email Address- pretty obvious.
Run Level- how loggy you want clobberd/spool/log/clobberd.log. Set this to Normal. Only use Verbose if you are watching the clobberd/spool/log/clobberd.log. To change, hit enter.
Sleep time of mont. This is the time the Monitor sleeps. It's basically the rate of monitoring. 2 minutes would be the optimal amount.
Message Grace. After a user has been flashed for exceeding something (ie Total Time), they are given a grace period.
Min Free Dialins. When the number of unused lines reaches this amount (unused tty lines have a UID set to the "tty_owner:" in the clobberd/etc/clobberd.boot), the user will be immune to Daily Time disconnection. To exempt this feature, just press SHIFT-E.
..To toggle "Exemption", press SHIFT-E...
User Activity T/O. If a user's line is inactive for more than this amount, their line will be disconnected.
Master Save Time is the time interval at which the Master saves the user settings to the file system.
Then we have some colour configuration fields that you can discover yourself.
Lastly, Edit Default User Settings will give us access to another window that allows us to set default user settings.
..Any fields bulleted with a ">" are entries to another screen.
It looks like this:
+----------Default User Settings----------+
|--SETTINGS---------------               *|
|Email Address            :               |
|Total Time Limit (hhh:mm): Exempt        |
|Daily Time Limits        > Exempt        |
|Expiry Date (dd:mm:yyyy) : Exempt        |
|Niceness                 : Exempt        |
|Total Transfer Limit     : Exempt        |
|Total Upload Limit       : Exempt        |
|Total Download Limit     : Exempt        |
|Daily Transfer Limit     : Exempt        |
|Daily Upload Limit       : Exempt        |
|Daily Download Limit     : Exempt        |
|Reset DT after Clobber   : No            |
|Clobber multiple Dialins : Yes           |
+-----------------------------------------+
When a user's Monitor connects to the Master and the user isn't known by the Master, it will create a user setting entry and set it to these details as default.
Going through the items..
Email Address. Sets the method of notification. The two most practical values here are either nothing, or TTY. You can toggle between these by pressing the SHIFT-E key.
When this value is nothing, the user will be emailed at the email address set by the System Domain Address.
Total Time Limit. The maximum amount of usage time a user can use.
Daily Time Limits, allows you to edit the Daily Time Zones. This is basically a table that allows you to condition Daily Time to different times of the week:
+---Edit Daily Time Limits----+
|Z From To  From To   Limit   |
|0 --Inactive--               |
|1 --Inactive--               |
|2 --Inactive--               |
|3 --Inactive--               |
|4 --Inactive--               |
|5 --Inactive--               |
|6 --Inactive--               |
|7 --Inactive--               |
+-----------------------------+
Let's explain this by example. Pretend that your users have a maximum Daily Time limit of 2 hours, except that on weekends they have a Daily Limit of 3 hrs, and between 5pm and 8pm they are only allowed on for 1 hour.
To accommodate this, and using the arrow keys, the enter key and the "-" and "=" keys, we manipulate the entries, and set the table up as follows:
+---Edit Daily Time Limits----+
|Z From To  From To   Limit   |
|0 Mon  Sun 0am  11pm 2:00    |
|1 Sat  Sun 0am  11pm 3:00    |
|2 Mon  Sun 5pm  7pm  1:00    |
|3 --Inactive--               |
|4 --Inactive--               |
|5 --Inactive--               |
|6 --Inactive--               |
|7 --Inactive--               |
+-----------------------------+
To change an entry from --Inactive-- to an active line, hit enter. To change an active line to an inactive one, press SHIFT-D.
..in general, SHIFT-D will delete an entry from a table or a list.
For the From To fields, we use the "-" and "=" keys to change the hours and days. For the Limit field, we just hit the enter key and enter the time amount in HH:MM notation.
Inferencing is done bottom upwards, so that it will test the third Zone first, then the second Zone, then the first Zone.
If a user logged on on Saturday at 6:00pm, then the 3rd Zone will test true, and they will have a Set Daily Time Limit of 1 hour. If a user logged on at 9:00pm, then the 2nd Zone will test true, and they will have a Set Daily Time Limit of 3 hours.
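The bottom-upwards zone test can be reproduced on the example table. This is an added sketch, not Clobberd's code: the text form of the table is constructed from the screen shown earlier, the "To" hour is treated as inclusive (so 5pm to 7pm covers the period up to 8pm), ranges that wrap around the week or midnight are assumed to be allowed, and returning zone -1 with no limit when nothing matches is an assumption.

```python
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# Constructed from the example table: Z, day From/To, hour From/To, Limit.
ZONE_TABLE = """\
0 Mon Sun 0am 11pm 2:00
1 Sat Sun 0am 11pm 3:00
2 Mon Sun 5pm 7pm 1:00
3 --Inactive--
"""


def _hour(text):
    """Convert "0am", "5pm", "11pm" to an hour in 0..23."""
    return int(text[:-2]) % 12 + (12 if text.endswith("pm") else 0)


def _minutes(text):
    """Convert an HH:MM limit to minutes."""
    hours, minutes = text.split(":")
    return int(hours) * 60 + int(minutes)


def parse_zones(text):
    """Return the active zones; --Inactive-- rows are skipped."""
    zones = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        zone, d_from, d_to, h_from, h_to, limit = fields
        zones.append((int(zone), DAYS.index(d_from), DAYS.index(d_to),
                      _hour(h_from), _hour(h_to), _minutes(limit)))
    return zones


def _within(value, low, high, modulus):
    """Inclusive range test that also handles ranges wrapping past the end."""
    return (value - low) % modulus <= (high - low) % modulus


def set_daily_limit(zones, day, hour):
    """Test zones from the highest number down; the first match wins."""
    for zone, d_from, d_to, h_from, h_to, limit in sorted(zones, reverse=True):
        if (_within(DAYS.index(day), d_from, d_to, 7)
                and _within(hour, h_from, h_to, 24)):
            return zone, limit
    return -1, None   # assumed meaning: no zone matched, no Daily Time Limit
```

Because the lowest matching row never gets a chance once a higher one matches, narrow exceptions belong at the bottom of the table and the catch-all row at the top.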
With our Daily Time Zone settings complete, we press SHIFT-Q, and modify the rest of the defaults.
..To exit out of a window, press SHIFT-Q.
Expiry Date, pretty obvious.
Niceness, The CPU priority setting.
Total and Daily Transfer, Upload, and Download Limits, sets limits on the users network traffic.
Reset DT after Clobber. If set, a user can log straight back on again and their Daily Time usage will be set to 0.
Clobber multiple Dialins, obvious.
View/Change User Settings
This screen looks like this:
+-------------View/Change User Settings--------------+
|Users      Settings                                 |
|           --SETTINGS---------------               *|
|           Email Address            :               |
|           Total Time Limit (hhh:mm): Exempt        |
|           Daily Time Limits        > Exempt        |
|           Expiry Date (dd:mm:yyyy) : Exempt        |
|           Niceness                 : Exempt        |
|           Total Transfer Limit     : Exempt        |
|           Total Upload Limit       : Exempt        |
|           Total Download Limit     : Exempt        |
|           Daily Transfer Limit     : Exempt        |
|           Daily Upload Limit       : Exempt        |
|           Daily Download Limit     : Exempt        |
|           Reset DT after Clobber   : No            |
|           Clobber multiple Dialins : Yes           |
|           --MONITORS---------------                |
|           Total Time Used          : 0:00          |
|           Daily Time Login Zone    : -1            |
|           Daily Time Set Limit     : 0:00          |
|           Daily Time Used          : 0:00          |
|           Total Transferred        : 0             |
|           Total Uploaded           : 0             |
|           Total Downloaded         : 0             |
|           Daily Transferred        : 0             |
|           Daily Uploaded           : 0             |
|           Daily Downloaded         : 0             |
|           Permanently Ban User     : No            |
|           Last Active (hr:mm)      : 0:00         *|
|           Free Dialins Stats       : 6/4*          |
+----------------------------------------------------+
In this window, we have a user list on the left, and their respective settings on the right. We can select the users with the arrow keys. Once we have selected a user, we can use the left and right arrow keys to switch between the lists.
In the settings list, the entries are split into settings and monitors. The settings are fixed values that never change (unless changed by you), and the monitorings are values that the Monitors update.
Half of this window has the same operation as the Default User Settings window, so I'll only describe the ones not covered.
Users are added in two ways. The first way is if a user is unknown to the Master. In this case, the Master will create an entry for them using the default settings. The second method is by you pressing SHIFT-I to insert a new entry. You can then just go to the user settings and modify them as needed.
..To insert a user entry, press SHIFT-I.
To delete a user entry, press SHIFT-D.
A note about the Email Address. We have already explained that this field can have a value of tty for terminal flashing, or a blank for the user to be emailed at the System Domain Address. You can also specify an address, by hitting enter and typing the new address. Typically though, this entry would be either blank or tty (again, tty can be toggled using SHIFT-E).
The only reason I implemented this is because somebody is _bound_ to ask for this to be implemented.
Total Time Used, obvious.
Daily Time Login Zone. This is set when the user first logs on. Its value is determined according to the user's Daily Time Zone Table.
Daily Time Set Limit. This is the Daily Time Limit corresponding to the Daily Time Login Zone.
Daily Time Used, obvious.
Total Transferred, Upload, Download, obvious. The data units are "device packets".
Daily Transferred, Upload, Download, ditto
Permanently Ban User, you can set this if you wish to ban the user.
Last Active, is the amount of time since the user was last actively using his terminal or data link. If this value exceeds the set User Activity T/O (if not exempted), then the user will be timed out. Nb/ that you can't edit this value.
Free Dialins Stats, displays two numbers. The first is the number of free dialin (modem) devices, and the other is the threshold value. When the number of free dialin devices is greater than or equal to the threshold, then the user is immune to Daily Time disconnection (a "*" will appear at the very end of this field when so). This field isn't editable.
Monitor Users.
This is pretty easy to use, as you just select a user, and watch them being monitored.
The stuff in this window is exactly the same as in View/Change User Settings. The difference is that you can't update the values, and there is an actives table that describes Monitors and other clients connected to the Master.
Last  Address      PID  User
   0  7f. 0. 0. 1  301  +jsno
  29  7f. 0. 0. 1   54  *mag
The Last field is the time in seconds since the active was last connected. The Address, PID and User details are pretty obvious except for the "*" and "+", which have special meaning. If an active has a "+" next to the name, then it's a Maintenance Editor; if it's a "*" then it's a leader Monitor (see the Leaders and Followers section). If it's blank, then it's a follower Monitor.
Well, that's all I'm going to say about clobberd. For supplementary information, read the Ozforum Discussion area.
I hope you find Clobberd valuable. Support Free Software!!!