This is the first Fab 5 Linux tips of the series. I’ll post 5 tools, commands, hacks, configs, etc that you can use for administering your Linux Systems.
Here are the Fab 5 quick tips on keeping up with users who log into your servers.
lastlog – reports the most recent login of all users or of a given user
Lastlog alone prints out the last login of all the users on the system. Accounts that have never been used and service account that don’t log in, indicate that they’ve never logged in.
-u print out the last login of a particular user. It lists the pseudo terminal used, IP address the login came from, as well as the date and time.
# lastlog -u username
W shows who is logged on and what processes they’re running.
W alone shows everyone who’s logged in right now.
# w username
displays a specific users login and what processes they’re currently running.
Who show who is logged on. It’s slightly different than w, in that it just prints who’s logged in, what terminal and from what IP address. It doesn’t show what processes they’re running. Either one would work, if you’re just looking to see who’s logged in at the moment. Who as a few more options that give it a bit more functionality
# who -b
this give the last boot time of the server. Similar to #uptime, w tells you the time and date of the last boot, uptime gives you the current time and how long the server has been up and running.
If you’re only looking to see just how many users are logged in at the moment, and not much else, this will do the trick
Lslogins display information about known users on the system.
Prints a list of logins (system and user)
Prints out the failed logins of regular users
There is also a command called faillog that does the same thing, but it doesn’t appear to be installed on my RHEL 6.9 server and on Ubuntu 16.04, the information is pretty meaningless out of the box. YMMV.
Last and LastB show a listing of last logged in users.
#last -aF | head
Displays the last logins, with login and logout times.
lastb is the same as last, except that by default it shows a log of the /var/log/btmp file, which contains all the bad login attempts. Here you get a peek at all the attempts of people trying to log into your system.