This shows you the differences between two versions of the page.
— |
user_login_information [2012/04/30 12:49] (current) root created |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== User login information ====== | ||
+ | |||
+ | ===== Last ===== | ||
+ | |||
+ | show listing of last logged in users | ||
+ | |||
+ | last | ||
+ | username pts/0 192.168.1.1 Fri Apr 27 13:30 - 13:30 (00:00) | ||
+ | username pts/0 192.168.1.1 Fri Apr 27 13:29 - 13:29 (00:00) | ||
+ | username pts/0 192.168.1.1 Fri Apr 27 13:28 - 13:28 (00:00) | ||
+ | reboot system boot 2.6.32-220.13.1. Fri Apr 27 13:27 - 13:31 (3+00:03) | ||
+ | username pts/0 192.168.1.1 Fri Apr 27 13:02 - down (00:21) | ||
+ | root tty1 Fri Apr 27 11:07 - 11:07 (00:00) | ||
+ | root tty1 Fri Apr 27 10:59 - 10:59 (00:00) | ||
+ | username pts/0 192.168.1.1 Fri Apr 27 09:06 - 12:57 (03:50) | ||
+ | | ||
+ | ===== utmpdump ===== | ||
+ | |||
+ | utmpdump will write out more information including year | ||
+ | |||
+ | utmpdump /var/log/wtmp | ||
+ | [1] [00000] [~~ ] [shutdown] [~ ] [2.6.32-220.7.1.el6.x86_64] [0.0.0.0 ] [Tue Apr 17 10:57:01 2012 ] | ||
+ | [2] [00000] [~~ ] [reboot ] [~ ] [2.6.32-220.7.1.el6.x86_64] [0.0.0.0 ] [Tue Apr 17 10:57:19 2012 ] | ||
+ | [1] [00051] [~~ ] [runlevel] [~ ] [2.6.32-220.7.1.el6.x86_64] [0.0.0.0 ] [Tue Apr 17 10:57:19 2012 ] | ||
+ | [7] [30220] [ts/0] [user ] [pts/0 ] [192.168.1.1 ] [192.168.1.1 ] [Tue Apr 17 15:08:27 2012 ] | ||
+ | [8] [30220] [ ] [ ] [pts/0 ] [ ] [0.0.0.0 ] [Tue Apr 17 15:08:33 2012 ] | ||
+ | [7] [30748] [ts/0] [user ] [pts/0 ] [192.168.1.1 ] [192.168.1.1 ] [Tue Apr 17 15:08:38 2012 ] | ||
+ | [8] [30748] [ ] [ ] [pts/0 ] [ ] [0.0.0.0 ] [Tue Apr 17 15:08:42 2012 ] | ||
+ | [7] [00748] [ts/0] [user ] [pts/0 ] [192.168.1.1 ] [192.168.1.1 ] [Tue Apr 17 15:11:02 2012 ] | ||
+ | | ||
+ | ===== Failed login ===== | ||
+ | |||
+ | utmpdump can also bed used to list failed login attempts | ||
+ | |||
+ | utmpdump /var/log/btmp | ||
+ | [6] [27213] [ ] [admusr ] [ssh:notty ] [192.168.1.1 ] [192.168.1.1 ] [Mon Apr 16 12:23:27 2012 ] | ||
+ | [6] [27213] [ ] [admusr ] [ssh:notty ] [192.168.1.1 ] [192.168.1.1 ] [Mon Apr 16 12:23:28 2012 ] | ||
+ | [6] [27213] [ ] [admusr ] [ssh:notty ] [192.168.1.1 ] [192.168.1.1 ] [Mon Apr 16 12:23:28 2012 ] | ||
+ | [6] [29156] [ ] [admin ] [ssh:notty ] [192.168.1.1 ] [192.168.1.1 ] [Mon Apr 16 12:23:46 2012 ] | ||
+ | [6] [24937] [ ] [devadm] [ssh:notty ] [192.168.1.1 ] [192.168.1.1 ] [Tue Apr 17 07:44:42 2012 ] | ||
+ | [6] [24937] [ ] [devadm] [ssh:notty ] [192.168.1.1 ] [192.168.1.1 ] [Tue Apr 17 07:44:44 2012 ] | ||
+ | [6] [25408] [ ] [devadm] [ssh:notty ] [192.168.1.1 ] [192.168.1.1 ] [Tue Apr 17 07:44:56 2012 ] | ||
+ | [6] [25408] [ ] [devadm] [ssh:notty ] [192.168.1.1 ] [192.168.1.1 ] [Tue Apr 17 07:44:57 2012 ] | ||