• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

Check successful and unsuccessful user login attempts in linux

by admin

For Linux System admins it is very important to know successful & unsuccessful user login attempts on their Linux boxes. In this post, we will discuss the commands that will help Linux system admins to determine successful & unsuccessful user login attempts.

last command

The last command shows the history the successful user login attempts & system reboot details by reading the file /var/log/wtmp. This file capture all login and logout sessions including login time, duration a user stayed logged in & tty(terminal) where the user’s session took place. To display all user login, logout & system reboot activities, type the ‘last‘ command on the terminal without any arguments. An example is shown below:

# last
root     pts/0        117.206.178.226  Sun Nov 30 10:47   still logged in   
root     pts/0        117.206.178.226  Sat Nov 29 22:47 - 22:50  (00:03)    
root     pts/1        117.206.178.226  Sat Nov 29 22:17 - 22:46  (00:29)    
root     pts/0        117.206.183.48   Wed Nov 26 21:35 - 21:50  (00:14)    
root     pts/0        117.206.185.124  Tue Nov 25 23:23 - 23:24  (00:01)    
...........

To display only system reboot details:

# last reboot
reboot   system boot  2.6.32-431.23.3. Sun Sep  7 02:07 - 10:49 (84+09:41)  
reboot   system boot  2.6.32-431.23.3. Sun Sep  7 01:58 - 02:07  (00:08)    
reboot   system boot  2.6.32-431.17.1. Sat Sep  6 12:13 - 01:58  (13:44)    

wtmp begins Sat Sep  6 12:13:56 2014

There is another command that lists more detailed information on recent logins and reboots.This command is utmpdump and is executed the following way:

# utmpdump /var/log/wtmp

lastb Command

The lastb command display the information of bad login attempts or unsuccessful login attempts by reading the file /var/log/btmp. This file keeps the track of all unsuccessful login attempt activities including login name, time & the tty (terminal) where the attempt was made. To display all unsuccessful login attempts, type the ‘lastb‘ command on the terminal without any arguments. An example is shown below.

# lastb
admin    ssh:notty    125.161.19.132   Sun Nov 30 09:49 - 09:49  (00:00)    
admin    ssh:notty    125.161.19.132   Sun Nov 30 09:48 - 09:48  (00:00)    
root     ssh:notty    61.174.49.105    Sun Nov 30 09:33 - 09:33  (00:00)    
root     ssh:notty    61.174.49.105    Sun Nov 30 09:33 - 09:33  (00:00)    
root     ssh:notty    61.174.49.105    Sun Nov 30 09:33 - 09:33  (00:00)    
root     ssh:notty    61.174.49.105    Sun Nov 30 09:33 - 09:33  (00:00)    
root     ssh:notty    61.174.49.105    Sun Nov 30 09:33 - 09:33  (00:00)    
root     ssh:notty    61.174.49.105    Sun Nov 30 09:33 - 09:33  (00:00)    
root     ssh:notty    61.174.49.105    Sun Nov 30 09:33 - 09:33  (00:00)    
root     ssh:notty    61.174.49.105    Sun Nov 30 09:33 - 09:33  (00:00)
...........................

lastlog Command

The lastlog command displays information of most recent logins of all users or a given user by reading the file /var/log/lastlog.

# lastlog 
Username         Port     From             Latest
root             pts/0    117.206.178.226  Sun Nov 30 10:47:03 -0600 2014
bin                                        **Never logged in**
daemon                                     **Never logged in**
adm                                        **Never logged in**
lp                                         **Never logged in**
sync                                       **Never logged in**
shutdown                                   **Never logged in**
...............

Filed Under: Linux

Some more articles you might also be interested in …

  1. Beginners Guide to NFS in CentOS / RHEL
  2. LVM Commands Fail With “Failed to load config file /etc/lvm/lvm.conf”
  3. How to re-create the yum cache (force a fetch of the cache data) from enabled repositories in CentOS/RHEL
  4. chfn Command Examples in Linux
  5. RCRON – Setup High Availability of cron Jobs
  6. How To Configure Separate Override.conf For Multiple MySQL Instances Using Systemd
  7. mpg123 Command Examples in Linux
  8. apt-cache: command not found
  9. pvs: command not found
  10. CentOS / RHEL : How to create a Thinly Provisioned Logical Volume

You May Also Like

Primary Sidebar

Recent Posts

  • qm Command Examples in Linux
  • qm wait Command Examples in Linux
  • qm start Command Examples in Linux
  • qm snapshot Command Examples in Linux

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright