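This article briefly describes how to view user login records on an ECS (cloud server) Linux instance.
Key points:
User login information is usually recorded in the utmp (/var/run/utmp), wtmp (/var/log/wtmp), btmp (/var/log/btmp) and lastlog (/var/log/lastlog) files.
The who, w and users commands read the utmp (/var/run/utmp) file to report on the users who are currently logged in.
The last and ac commands read the wtmp (/var/log/wtmp) file to report on users who are logged in now or were logged in previously.
The lastb command reads the btmp (/var/log/btmp) file to report on all users whose login attempts failed.
The lastlog command reads the lastlog (/var/log/lastlog) file to report each user's most recent login.
1. who command: shows information about the users who are currently logged in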
who
root pts/0 2015-05-16 12:09 (182.92.253.20)
root pts/1 2015-05-16 12:54 (182.92.253.20)
root pts/2 2015-05-16 13:21 (182.92.253.20)
root pts/3 2015-05-16 13:21 (182.92.253.20)
2. w command: shows the logged-in users and the task each one is currently running
w
15:41:39 up 5 days, 1:51, 7 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 182.92.253.20 12:09 2:14m 0.05s 0.05s mysql -ujacky -px xxxx
root pts/1 182.92.253.20 12:54 34:49 0.35s 0.35s mysql -ujacky -px xxxx
root pts/2 182.92.253.20 13:21 2:13m 0.00s 0.00s -bash
3. users command: shows the user names of the users who are currently logged in
users
root root root root root root root
4. last command: shows information about users who are logged in now or were logged in previously
# last
root pts/6 182.92.253.20 Sat May 16 15:31 still logged in
root pts/5 182.92.253.20 Sat May 16 15:25 still logged in
root pts/4 182.92.253.20 Sat May 16 15:07 still logged in
root pts/3 182.92.253.20 Sat May 16 13:21 still logged in
5. lastb command: shows information about all users whose login attempts failed
lastb
root ssh:notty 46.17.40.55 Sat May 16 02:06 - 02:06 (00:00)
root ssh:notty 206.221.188.50 Sat May 16 02:06 - 02:06 (00:00)
root ssh:notty 95.173.184.2 Sat May 16 01:58 - 01:58 (00:00)
6. lastlog command: shows each user's most recent login
# lastlog
Username Port From Latest
root pts/6 182.92.253.20 Sat May 16 15:31:48 +0800 2015
bin **Never logged in**
daemon **Never logged in**
7. secure file: view login records
cat /var/log/secure
Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21418]: Accepted password for root from 42.120.74.106 port 32907 ssh2
Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21418]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21420]: Accepted password for root from 42.120.74.106 port 33969 ssh2
Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21420]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21420]: subsystem request for sftp by user root
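The lastb and /var/log/secure records shown above can be cross-checked to find source addresses that failed repeatedly and also have an accepted login. The script below is an added example, not part of the original article; the function names, the threshold of 3 and the sample records (documentation-range addresses, host name host1) are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check failed logins (lastb format) against accepted
# sshd logins (/var/log/secure format). All sample data below is constructed.

SAMPLE_LASTB='root ssh:notty 198.51.100.7 Sat May 16 02:06 - 02:06 (00:00)
admin ssh:notty 198.51.100.7 Sat May 16 02:05 - 02:05 (00:00)
root ssh:notty 198.51.100.7 Sat May 16 02:04 - 02:04 (00:00)
root ssh:notty 203.0.113.9 Sat May 16 01:58 - 01:58 (00:00)

btmp begins Fri May  1 03:10:11 2015'

SAMPLE_SECURE='Jun  9 08:42:10 host1 sshd[21418]: Accepted password for root from 198.51.100.7 port 32907 ssh2
Jun  9 08:42:10 host1 sshd[21418]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun  9 08:50:02 host1 sshd[21500]: Accepted publickey for deploy from 192.0.2.15 port 40022 ssh2'

# stdin: lastb output with a source column, as in the article.
# stdout: "<count> <source>" lines, busiest source first.
failed_by_ip() {
    awk 'NF >= 4 && $1 != "btmp" { n[$3]++ }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# stdin: /var/log/secure lines. stdout: "<source> <user> <method>" per accepted login.
accepted_logins() {
    awk '$5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" && $8 == "for" && $10 == "from" {
             print $11, $9, $7 }'
}

# $1: lastb text, $2: secure text, $3: minimum number of failures.
# stdout: accepted logins whose source also has at least $3 failed attempts.
success_from_noisy_sources() {
    noisy=$(printf '%s\n' "$1" | failed_by_ip | awk -v min="$3" '$1 >= min { print $2 }')
    printf '%s\n' "$2" | accepted_logins | while read -r ip user method; do
        for bad in $noisy; do
            if [ "$ip" = "$bad" ]; then echo "$ip $user $method"; fi
        done
    done
}

# On a live host (root is needed to read btmp and secure), replace the samples:
#   success_from_noisy_sources "$(lastb)" "$(cat /var/log/secure)" 3
success_from_noisy_sources "$SAMPLE_LASTB" "$SAMPLE_SECURE" 3
```

The match is on source address only and does not compare timestamps, so check each hit against the times in the two logs.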
Original link: https://help.aliyun.com/knowledge_detail/41211.html