Christian WellsMonitoring system logins is a fundamental aspect of authentication management for any Linux server. By keeping track of login attempts, you can ensure the security and integrity of your system. In this article, we will explore the concepts of monitoring system logins on an Ubuntu 22.04 server, although the procedures can be followed on any modern Linux distribution.
Review Authentication Attempts
Modern Linux systems log all authentication attempts in a dedicated file located at /var/log/auth.log. To view this file, you can use the less command:
sudo less /var/log/auth.log
The output of this command will display a list of authentication attempts, including relevant information such as the date, time, and user details. Here’s an example of the output:
May 3 18:20:45 localhost sshd[585]: Server listening on 0.0.0.0 port 22. May 3 18:20:45 localhost sshd[585]: Server listening on :: port 22. May 3 18:23:56 localhost login[673]: pam_unix(login:session): session opened for user root by LOGIN(uid=0) May 3 18:23:56 localhost login[714]: ROOT LOGIN on '/dev/tty1' Sep 5 13:49:07 localhost sshd[358]: Received signal 15; terminating. Sep 5 13:49:07 localhost sshd[565]: Server listening on 0.0.0.0 port 22. Sep 5 13:49:07 localhost sshd[565]: Server listening on :: port 22. ...
Once you have finished reviewing the file, you can exit less by pressingq.
Using the “last” Command
To focus on the most recent login attempts, you can utilize the last command. This command displays the recent login history of users on the system. Here’s an example of how to use it:
last
The output of this command will show the most recent login attempts, including the username, terminal, and login time. Here’s an example of the output:
demoer pts/1 rrcs-72-43-115-1 Thu Sep 5 19:37 still logged in root pts/1 rrcs-72-43-115-1 Thu Sep 5 19:37 - 19:37 (00:00) root pts/0 rrcs-72-43-115-1 Thu Sep 5 19:15 still logged in root pts/0 rrcs-72-43-115-1 Thu Sep 5 18:35 - 18:44 (00:08) root pts/0 rrcs-72-43-115-1 Thu Sep 5 18:20 - 18:20 (00:00) demoer pts/0 rrcs-72-43-115-1 Thu Sep 5 18:19 - 18:19 (00:00)
The last command provides a formatted version of the information stored in the /etc/log/wtmp file.
Using the “lastlog” Command
The lastlog command allows you to view the last login time for each user on the system. This information is retrieved from the /etc/log/lastlog file and sorted based on the entries in the /etc/passwd file. You can use the following command to check the last login time for each user:
lastlog
The output of this command will display the username, port, source, and latest login time for each user. Here’s an example of the output:
Username Port From Latest root pts/1 rrcs-72-43-115-1 Thu Sep 5 19:37:02 +0000 2013 daemon **Never logged in** bin **Never logged in** sys **Never logged in** sync **Never logged in** games **Never logged in** ...
It is worth noting that system users will often have the entry “Never logged in” since they are not intended for direct login.
Conclusion
Monitoring system logins is an essential part of maintaining the security and integrity of your Linux server. By reviewing authentication attempts, using commands like last and lastlog, you can stay informed about who is accessing your system and when. This knowledge empowers you to detect and address any suspicious activity promptly.
Remember, user authentication on Linux is a flexible area of system management, with various tools available to accomplish the same objective. By understanding where the system stores login information, you can effectively monitor your server for any unauthorized access.
In conclusion, maintaining a vigilant approach to monitoring system logins is crucial for maintaining the security of your Ubuntu 22.04 server. By leveraging the tools and techniques outlined in this article, you can ensure that only authorized users have access to your system, safeguarding your valuable data and resources.
To learn more about efficient, scalable, and secure cloud hosting solutions, visit Shape.host. Shape.host offers reliable Cloud VPS services tailored to meet the specific needs of businesses and individuals. Trust Shape.host for all your hosting requirements and experience the power of cutting-edge technology.
