How to check failed login attempts on Linux Operating System?

Use of last and lastb commands to check login attempts

Posted by Amritpal Singh on March 24, 2018

As a developer and Linux server owner, it is very useful from a security standpoint to know the last and lastb commands. You can use the information these commands output to take proper security measures to protect your system.

1. Use the last command to check successful user logins on your system:

last

The output will look something like this:

[email protected]:~# last
root     pts/0        17.68.5.147    Sat Mar 24 18:48   still logged in
root     pts/0        3.226.22.16   Wed Mar  7 21:47 - 05:34  (07:47)
root     pts/0        3.26.22.16   Tue Mar  6 02:26 - 02:36  (00:10)
root     pts/0        3.26.22.16   Mon Mar  5 23:34 - 23:34  (00:00)
reboot   system boot  4.4.0-31-generic Thu Mar  1 16:12   still running

2. Use the lastb command to check failed user login attempts on your system:

lastb
[email protected]:~# lastb
usuario  ssh:notty    74.82.254.191    Thu Mar  1 06:40 - 06:40  (00:00)
usuario  ssh:notty    74.82.254.191    Thu Mar  1 06:40 - 06:40  (00:00)
usuario  ssh:notty    74.82.254.191    Thu Mar  1 06:40 - 06:40  (00:00)
jennie   ssh:notty    36.67.134.249    Thu Mar  1 06:32 - 06:32  (00:00)
jennie   ssh:notty    36.67.134.249    Thu Mar  1 06:32 - 06:32  (00:00)
studenti ssh:notty    210.187.25.165   Thu Mar  1 06:29 - 06:29  (00:00)
studenti ssh:notty    210.187.25.165   Thu Mar  1 06:29 - 06:29  (00:00)

Now you can see the malicious login attempts and the IP address each login was attempted from. This log output also contains failed SSH login attempts. You can install fail2ban for intrusion prevention; it automatically bans and unbans IP addresses.
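To see which sources are worth banning, or to confirm that fail2ban is catching the repeat ones, the lastb output can be reduced to a count per address. The script below is an added example, not part of the original post: the function names failed_by_ip and repeat_offenders are hypothetical, and the sample input reuses the lastb lines shown above plus a constructed local-console failure and footer line.

```sh
#!/bin/sh
# Summarise failed logins per source address from lastb-style output.
# Reads stdin so it runs offline; on a live host (root is needed to read
# /var/log/btmp):  lastb -i | failed_by_ip

# Print "<count> <address>" per source, most attempts first.
failed_by_ip() {
    awk '
        # Skip blank lines and the "btmp begins ..." footer.
        NF < 3 || $1 == "btmp" { next }
        # Field 3 is a remote host only when it looks like an IPv4 or IPv6
        # address; local console failures have a weekday name there.
        $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $3 ~ /:/ { hits[$3]++ }
        END { for (ip in hits) print hits[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Print only addresses with at least $1 failed attempts (default 3).
repeat_offenders() {
    threshold="${1:-3}"
    failed_by_ip | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Sample input: the lastb lines from this post, followed by a constructed
# local tty failure (no host column) and a constructed footer line.
SAMPLE='usuario  ssh:notty    74.82.254.191    Thu Mar  1 06:40 - 06:40  (00:00)
usuario  ssh:notty    74.82.254.191    Thu Mar  1 06:40 - 06:40  (00:00)
usuario  ssh:notty    74.82.254.191    Thu Mar  1 06:40 - 06:40  (00:00)
jennie   ssh:notty    36.67.134.249    Thu Mar  1 06:32 - 06:32  (00:00)
jennie   ssh:notty    36.67.134.249    Thu Mar  1 06:32 - 06:32  (00:00)
studenti ssh:notty    210.187.25.165   Thu Mar  1 06:29 - 06:29  (00:00)
studenti ssh:notty    210.187.25.165   Thu Mar  1 06:29 - 06:29  (00:00)
root     tty1                          Thu Mar  1 06:20 - 06:20  (00:00)

btmp begins Thu Mar  1 06:20:11 2018'

printf '%s\n' "$SAMPLE" | failed_by_ip
```

The -i option makes lastb print IP addresses instead of resolved host names, which keeps the address column consistent for counting.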

