One of the most basic and common security measures that you can adopt in your working environment is to protect your computer by automatically locking the screen after a certain period of inactivity, so that it is necessary to enter a password to unlock. But there is a more effective way, and that is to configure your Linux machine so that the distance or proximity of a Bluetooth device you own, for example your cell phone or a smartwatch, automatically causes locking or unlocking the screen without having to enter any password on keyboard.
In an ideal world you would always remember to lock the screen when you leave your workplace to prevent another person from manipulating your computer during your absence. However, sometimes it will happen that you will neglect and forget to do so, compromising your information security. But even though you always remember to lock the screen, unlocking it regularly over and over again in the presence of other people or in uncontrolled environments is also a major security risk, as you will be exposing your password every time you type it, either because someone next to you sees you writing it or because a surveillance camera records the password you enter on your keyboard.
Thus, with the solution I propose here you will minimize both risks: forgetting about manually lock the screen and exposing your password every time you type it.
Installing and configuring Blueproximity
Blueproximity is an application that constantly monitors signal strength of a Bluetooth device linked to your computer, so that if you move away from your workplace carrying your smartphone and the signal strength falls below a given threshold for a given period of time (both parameters can be configured as you like), a command of your choice will run, normally one whose purpose is to lock the screen. Otherwise, when the signal level recovers because you get closer to the computer, the screen unlock command will be executed without you having to do anything.
Installing Blueproximity application is very easy because there are packages available for main Linux distributions and they can be installed in the usual way:
$ sudo apt-get install blueproximity
$ sudo yum install blueproximity
$ yaourt -S blueproximity –noconfirm
Common locking/unlocking commands
Once installed the blueproximity package you will have to proceed to link your Bluetooth device to your computer, configure the thresholds for the signal strength level and set the locking and unlocking commands that best fit your desktop environment and the goals you want to achieve.
Next follow up the most common locking/unlocking commands according to the graphical environment you work with. The third command in the configuration dialog box (Proximity command) runs periodically according to the selected time interval as long as your Bluetooth device is within range. This can be used to run a command that simulates user activity so that the session will never be locked even if there is no user activity but you are nearby. You can use here just the same command as for unlocking.
Blueproximity is originally a Gnome application, so by default it will be configured with the following commands:
In this case there are two commands because the second one corresponds to older versions of KDE prior to version 4.13.
dbus-send –type=method_call –dest=org.freedesktop.ScreenSaver /ScreenSaver
qdbus | perl -ne ‘qx/kquitapp $1/ if /(kscreenlocker_greet-\d+)/’ killall -9 kscreenlocker
Plasma Desktop 5
It is important to note that the blueproximity package has several dependencies that must be satisfied if your Linux distribution doesn’t bring them by default:
bluez-utils python-gtk2 python-glade2 python-configobj python-bluez
It may happen that although the application is properly installed and configured and all dependencies issues are resolved, the Bluetooth driver may appear as Soft blocked in your system:
# rfkill list 1: phy0: Wireless LAN Soft blocked: no Hard blocked: no 2: asus-wlan: Wireless LAN Soft blocked: no Hard blocked: no 3: asus-bluetooth: Bluetooth Soft blocked: yes Hard blocked: no 5: hci0: Bluetooth Soft blocked: yes Hard blocked: no
If your computer has a physical button to enable or disable Bluetooth then it is the Hard blocked parameter which could be set to yes.
To unblock the Bluetooth driver, use the following command:
# rfkill unblock bluetooth
In other cases, even if you unblock the driver, it remains off (power off). This happens for example if you are working on a laptop that is not plugged into its power adapter and is running on battery. It may happen that the power-saving settings that your Linux distribution brings by default cause the Bluetooth driver to power off automatically when the system boots and you have to power it on by hand:
# bluetoothctl [bluetooth]# power on Changing power on succeeded
Since the above command is interactive, you might better prefer the following one that will not require any user intervention so it can be used within a script:
# hciconfig hci0 up
Other interesting things that can be done automatically in addition to locking/unlocking the screen
There are other interesting things you can do when your linked Bluetooth device is approaching or moving away from your box other than locking or unlocking the screen. You can configure Bluproximity to run more sophisticated locking and unlocking commands, or even create your own scripts to do many things at once. Here are some ideas that may be useful:
Turn the screen on and off
Apart from performing locking or unlocking, the screen can also be turned off when you move away and turned on again when you approach in order to save energy. To do this, you will add the on/off command to the lock/unlock commands we saw above. For example:
loginctl lock-session && xset dpms force off
xset dpms force on && loginctl unlock-session
Send a push notification to your smartphone
loginctl lock-session && pb push "Screen locked at $(date +%H:%M:%S) on $(date +%d/%m/%Y)"
pb push "Screen unlocked at $(date +%H:%M:%S) on $(date +%m/%d/%Y)" && loginctl unlock-session
Stop/start playing Spotify songs
loginctl lock-session && dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Pause
dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Play && loginctl unlock-session
Change your chat client status to Not available/Available
loginctl lock-session && purple-remote "setstatus?status=away&message=No disponible"
purple-remote "setstatus?status=available&message=" && loginctl unlock-session
Make your webcam start/stop recording video
loginctl lock-session && streamer -q -c /dev/video0 -f rgb24 -r 3 -o ~/outfile.avi
loginctl lock-session && ffmpeg -f oss -i /dev/dsp -f video4linux2 -s 320x240 -i /dev/video0 out.mpg
pkill streamer && loginctl unlock-session
pkill ffmpeg && loginctl unlock-session
If you can think of more examples do not hesitate to make your contribution by writing a comment!