Linux Login History

If you want to observe what is happening with logins on your Linux system, this article shows how.

We are going to use the command:

~ # watch -n 5 last -f /var/log/btmp

Every 5.0s: last -f /var/log/btmp hostname: Tue May 19 11:55:01 2020

yea ssh:notty 151.69.170.146 Tue May 19 11:54 gone - no logout
yea ssh:notty 151.69.170.146 Tue May 19 11:54 - 11:54 (00:00)
root ssh:notty 222.186.175.154 Tue May 19 11:54 - 11:54 (00:00)
root ssh:notty 222.186.175.154 Tue May 19 11:54 - 11:54 (00:00)
xnr ssh:notty 122.51.101.136 Tue May 19 11:54 - 11:54 (00:00)
xnr ssh:notty 122.51.101.136 Tue May 19 11:54 - 11:54 (00:00)
root ssh:notty 218.92.0.206 Tue May 19 11:54 - 11:54 (00:00)
root ssh:notty 222.186.175.154 Tue May 19 11:54 - 11:54 (00:00)
root ssh:notty 218.92.0.206 Tue May 19 11:54 - 11:54 (00:00)
root ssh:notty 222.186.175.154 Tue May 19 11:54 - 11:54 (00:00)

where watch re-runs the command in a cycle so that we can see its output change,

last is the command that shows logins,

and the path /var/log/btmp points to the record of failed logins.

In the same way you could observe
/var/log/wtmp for the last login sessions.

Moreover, last used as a stand-alone command can provide plenty of data for analyzing what happens with logins:

last -i – show IP addresses

last -10 – to see the last 10 records

man last will help you explore everything this command can do.
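
To turn the scrolling btmp view shown above into something you can act on, the following added example (not part of the original article) counts failed attempts per source address and lists the user names each address tried. The function names and the sample lines are constructed for illustration; the sample uses documentation-range addresses.

```shell
#!/bin/sh
# Added example: count failed-login records per source address from
# `last -f /var/log/btmp` output and list the user names each address tried.

# Constructed sample in `last` format (documentation-range addresses).
sample_btmp() {
    cat <<'EOF'
root     ssh:notty    203.0.113.7      Tue May 19 11:54 - 11:54  (00:00)
admin    ssh:notty    203.0.113.7      Tue May 19 11:54 - 11:54  (00:00)
root     ssh:notty    203.0.113.7      Tue May 19 11:53 - 11:53  (00:00)
test     ssh:notty    198.51.100.23    Tue May 19 11:53 - 11:53  (00:00)
root     ssh:notty    192.0.2.10       Tue May 19 11:52 - 11:52  (00:00)
root     ssh:notty    192.0.2.10       Tue May 19 11:52 - 11:52  (00:00)

btmp begins Fri May  1 00:00:12 2020
EOF
}

# Reads `last` output on stdin; prints "<attempts> <address> <users>",
# busiest address first.
summarize_failed() {
    awk '
        # Skip blank lines and the trailing "btmp begins ..." footer.
        NF < 3 || $2 == "begins" { next }
        {
            user = $1; ip = $3          # columns: user, line, host, date...
            count[ip]++
            if (!((ip, user) in seen)) {    # record each user once per address
                seen[ip, user] = 1
                users[ip] = users[ip] (users[ip] == "" ? "" : ",") user
            }
        }
        END { for (ip in count) printf "%d %s %s\n", count[ip], ip, users[ip] }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_btmp | summarize_failed
```

On a live host, run last -i -w -f /var/log/btmp | summarize_failed as root; -i prints numeric addresses and -w keeps long user names from being truncated.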

Have more questions? Feel free to ask us in the
Dzhumaiev.Slack.сom channel 🙂
