Checking Login History in Linux

1) Checking login history of all logged users in Linux
Run the 'last' command without any arguments to see the full history of successful logins.
If the history is long, pipe the output through less or more to view it a page at a time.
# last -3
root pts/0 125.163.129.231 Mon Mar 15 18:38 still logged in
root pts/0 125.163.129.231 Mon Mar 15 17:25 - 17:25 (00:00)
root pts/0 125.163.129.231 Mon Mar 15 17:23 - 17:23 (00:00)
wtmp begins Mon Mar 1 01:41:24 2021
2) Checking login history for a particular user
If you want to see the login history of a specific user, use the command below. Replace 'user_name' (root in the example below) with the name of the user you want to check.
# last root -5
root pts/0 125.163.129.231 Mon Mar 15 18:38 still logged in
root pts/0 125.163.129.231 Mon Mar 15 17:25 - 17:25 (00:00)
root pts/0 125.163.129.231 Mon Mar 15 17:23 - 17:23 (00:00)
root pts/0 125.163.129.231 Mon Mar 15 17:22 - 17:23 (00:01)
root pts/0 36.90.63.242 Thu Mar 11 23:21 - 23:22 (00:01)
wtmp begins Mon Mar 1 01:41:24 2021
3) How to check login history for a particular period in Linux?
If you want to check who logged in during a particular period, use the following format. The -F option prints full timestamps including the year, which the second grep matches on.
# last -F -5 | grep -E 'Mar ([ 1-9]|1[0-9]|2[0-9]|30)' | grep 2021
root pts/0 125.163.129.231 Mon Mar 15 18:38:48 2021 still logged in
root pts/0 125.163.129.231 Mon Mar 15 17:25:18 2021 - Mon Mar 15 17:25:23 2021 (00:00)
root pts/0 125.163.129.231 Mon Mar 15 17:23:23 2021 - Mon Mar 15 17:23:26 2021 (00:00)
root pts/0 125.163.129.231 Mon Mar 15 17:22:02 2021 - Mon Mar 15 17:23:20 2021 (00:01)
root pts/0 36.90.63.242 Thu Mar 11 23:21:18 2021 - Thu Mar 11 23:22:56 2021 (00:01)
wtmp begins Mon Mar 1 01:41:24 2021
If you want to check a specific user's logins during a particular period, use the following format.
# last -F root -5 | grep -E 'Mar ([ 1-9]|1[0-9]|2[0-9]|30)' | grep 2021
root pts/0 125.163.129.231 Mon Mar 15 18:38:48 2021 still logged in
root pts/0 125.163.129.231 Mon Mar 15 17:25:18 2021 - Mon Mar 15 17:25:23 2021 (00:00)
root pts/0 125.163.129.231 Mon Mar 15 17:23:23 2021 - Mon Mar 15 17:23:26 2021 (00:00)
root pts/0 125.163.129.231 Mon Mar 15 17:22:02 2021 - Mon Mar 15 17:23:20 2021 (00:01)
root pts/0 36.90.63.242 Thu Mar 11 23:21:18 2021 - Thu Mar 11 23:22:56 2021 (00:01)
wtmp begins Mon Mar 1 01:41:24 2021
4) Checking login history based on a terminal connected
If you want to check logins by the terminal they were connected on, use the following format.
# last pts/0 -5
root pts/0 125.163.129.231 Mon Mar 15 18:38 still logged in
root pts/0 125.163.129.231 Mon Mar 15 17:25 - 17:25 (00:00)
root pts/0 125.163.129.231 Mon Mar 15 17:23 - 17:23 (00:00)
root pts/0 125.163.129.231 Mon Mar 15 17:22 - 17:23 (00:01)
root pts/0 36.90.63.242 Thu Mar 11 23:21 - 23:22 (00:01)
wtmp begins Mon Mar 1 01:41:24 2021
5) How to check bad login history in Linux?
Use the lastb command to check bad logins. It reads the btmp log, as the last line of the output shows.
# lastb -5
root ssh:notty 120.28.109.188 Mon Mar 15 19:02 - 19:02 (00:00)
mosquitt ssh:notty 103.10.87.54 Mon Mar 15 19:01 - 19:01 (00:00)
mosquitt ssh:notty 103.10.87.54 Mon Mar 15 19:01 - 19:01 (00:00)
software ssh:notty 120.28.109.188 Mon Mar 15 19:01 - 19:01 (00:00)
software ssh:notty 120.28.109.188 Mon Mar 15 19:01 - 19:01 (00:00)
btmp begins Mon Mar 1 00:52:28 2021
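As an added example (not part of the original article), the script below tallies failed logins per source address from lastb output and lists the sources that also appear on a successful login line in last output. The function names and sample lines are constructed for illustration, and it assumes the default column layout with the source host in the third column.

```shell
#!/bin/sh
# Added example. Assumes the default last/lastb layout: user, tty, source, timestamp.

# failed_by_source: lastb output on stdin -> "FAILURES SOURCE USERS", busiest first.
failed_by_source() {
    awk '
        NF < 4 || $1 == "btmp" { next }              # blank line or trailer
        { n[$3]++
          if (!seen[$3, $1]++) u[$3] = u[$3] (u[$3] == "" ? "" : ",") $1 }
        END { for (s in n) print n[s], s, u[s] }
    ' | sort -k1,1nr -k2,2
}

# failed_then_ok LASTB_FILE LAST_FILE [MIN]: sources with at least MIN failed
# attempts that also appear on a successful login line. Prints "SOURCE FAILURES".
failed_then_ok() {
    awk -v min="${3:-1}" '
        NF < 4 || $1 ~ /^(btmp|wtmp|reboot)$/ { next }
        $3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ { next }   # local login, no source column
        FILENAME == ARGV[1] { fails[$3]++; next }        # first file: failures
        ($3 in fails) && fails[$3] >= min && !shown[$3]++ { print $3, fails[$3] }
    ' "$1" "$2"
}

# Constructed sample data using documentation address ranges (not from a real host).
sample_lastb() { cat <<'EOF'
root     ssh:notty    203.0.113.7      Mon Mar 15 19:02 - 19:02  (00:00)
admin    ssh:notty    203.0.113.7      Mon Mar 15 19:01 - 19:01  (00:00)
root     ssh:notty    203.0.113.7      Mon Mar 15 19:01 - 19:01  (00:00)
deploy   ssh:notty    198.51.100.20    Mon Mar 15 18:59 - 18:59  (00:00)

btmp begins Mon Mar  1 00:52:28 2021
EOF
}
sample_last() { cat <<'EOF'
root     pts/0        203.0.113.7      Mon Mar 15 19:03   still logged in
root     pts/0        192.0.2.10       Mon Mar 15 17:25 - 17:25  (00:00)
reboot   system boot  5.4.0-generic    Mon Mar  1 01:41 - 19:03 (14+17:22)

wtmp begins Mon Mar  1 01:41:24 2021
EOF
}

tmp=$(mktemp -d)
sample_lastb > "$tmp/lastb.txt"
sample_last  > "$tmp/last.txt"
failed_by_source < "$tmp/lastb.txt"
failed_then_ok "$tmp/lastb.txt" "$tmp/last.txt" 3
rm -rf "$tmp"
```

On a real host, save the output of lastb and last to files and pass them to the functions in place of the sample data.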
Run the command below to hide the hostname information.
# last -5 -R
root pts/0 Mon Mar 15 18:38 still logged in
root pts/0 Mon Mar 15 17:25 - 17:25 (00:00)
root pts/0 Mon Mar 15 17:23 - 17:23 (00:00)
root pts/0 Mon Mar 15 17:22 - 17:23 (00:01)
root pts/0 Thu Mar 11 23:21 - 23:22 (00:01)
wtmp begins Mon Mar 1 01:41:24 2021