 |
| Categories Menu | | |
| Navigation | |
|
|
 Home |
| |
|
|
 Community |
| |
|
 Content |
| |
|
 Support Us |
| | | | |
| |
| User Info | |
| Welcome, Anonymous
 Membership:
 Latest: crookedface
 New Today: 0
 New Yesterday: 0
 Overall: 218
 People Online:
 Visitors: 6
 Members: 0
 Total: 6
| | |
| |
| hacker Beware | | |
 | |
Commands: last, lastb - shows users who have logged in
Posted on Sunday, December 26 @ 11:54:25 CST by maysvill
|
ewiget writes "The last command is used to show the last succesful logins to a system. Last uses the file /var/log/wtmp to store its data. This file is often deleted by crackers when a system is compromised.
The lastb command lists the last unsuccesful or bad login attempts. Lastb uses the file /var/log/btmp file to store its data.
From the man page of last, we have:
LAST,LASTB(1) Linux System Administrator's Manual LAST,LASTB(1)
NAME
last, lastb - show listing of last logged in users
SYNOPSIS
last [-R] [-num] [ -n num ] [-adiox] [ -f file ] [name...] [tty...]
lastb [-R] [-num] [ -n num ] [ -f file ] [-adiox] [name...] [tty...]
DESCRIPTION
Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. Names of users and tty's can be given, in which case last will show only those entries matching the arguments. Names of ttys can be abbreviated, thus last 0 is the same as last tty0.
When last catches a SIGINT signal (generated by the interrupt key, usually control-C) or a SIGQUIT signal (generated by the quit key, usually control-), last will show how far it has searched through the file; in the case of the SIGINT signal last will then terminate.
The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was created.
Lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
OPTIONS
-num This is a count telling last how many lines to show.
-n num The same.
-R Suppresses the display of the hostname field.
-a Display the hostname in the last column. Useful in combination with the next flag.
-d For non-local logins, Linux stores not only the host name of the remote host but its IP number as well. This option translates the IP number back into a hostname.
-i This option is like -d in that it displays the IP number of the remote host, but it displays the IP number in numbers-and-dots notation.
-o Read an old-type wtmp file (written by linux-libc5 applications).
-x Display the system shutdown entries and run level changes.
NOTES
The files wtmp and btmp might not be found. The system only logs information in these files if they are present. This is a local configuration issue. If you want the files to be used, they can be created with a simple touch(1) command (for example, touch /var/log/wtmp).
FILES
/var/log/wtmp
/var/log/btmp
AUTHOR
Miquel van Smoorenburg, miquels@cistron.nl
SEE ALSO
shutdown(8), login(1), init(8)
Jul 29, 1999 LAST,LASTB(1)
"
|
| |
| Related Links | | |
| Article Rating | | |
| Options | | | |
|
| | The comments are owned by the poster. We aren't responsible for their content. |
|
|
|
No Comments Allowed for Anonymous, please register |
|
|
|
