Find out the user's login history to the server
How to find the user's login history to the server for a specific period of time by using "last" command.
Example:
command for the below ???!!!
How to find the "userA" login history to the server from 21-June-2018 to 24-July-2018
Responses
Hi
You can use the below command to search for login history
utmpdump /var/log/wtmp* | awk '$4~"userA" {print}'
Regards Sadiq
Hi
In that case you need to first redirect the output to some text file and then run the awk on the log file .
utmpdump /var/log/wtmp* | awk '$4~"userA" {print}' > /var/tmp/userAtime
awk '$8>"[28/Jun/2018:16:10" && $8<"[24/Jul/2018:16:10"' /var/tmp/userAtime
Thanks Sadiq
User login attempts also get recorded in '/var/log/secure' file which you may have to grep and use combination of awk/sed to get desired results. #grep login /var/log/secure|grep root|grep "session opened" .... which would list out all successful root user logins to the system. I hope this may help you. Like-wise logouts would be recorded as 'session closed' in /var/log/secure file which also records failed attempts.
The "last" command is another way to get this information, and you can use the "--since" and "--until" options to narrow the search:
[rgreene@rnd2 tmp]$ last --since 2018-06-01 08:00 --until 2018-06-15 17:00 rgreene rgreene pts/0 192.168.100.6 Tue Jun 12 06:48 - 22:38 (15:49) rgreene pts/0 198.153.241.140 Wed Jun 6 06:57 - 15:48 (08:51) rgreene pts/0 198.153.241.140 Mon Jun 4 15:08 - 15:09 (00:00)
wtmp begins Mon Dec 11 09:04:32 2017
Rick, add three tildes in a row above/below code which will help format code without it being wrapped into one line.
"~~~"
your code goes here.
"~~~"
(remove the quotes of course)
Some times I run this to cut out obvious distractors with the last command:
last | egrep -v 'oot|nameofscanaccountthatspamslogins|thatadminwhologsinalot'
The egrep -v will drop the things unneeded (separate terms with a "|" character, also the "oot" in the egrep -v is either "root or boot" which populates "last" results)
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
