List of users that logged on and understanding last
I would like to view a list of who logged on to my server. I believe this information is stored in /var/log/wtmp, and accessible using the last command. I would like to better understand the information this log is reporting. Questions:
Thanks
Code:
[root@michaels UsmyNaerme]# last
You can look at network connections using the 'netstat' command.
pts refers to pseudo terminals (i.e. not hardware). In your listing they are probably shells opened in a GUI. tty1 is the first terminal. You probably also have tty2 to tty6. If you use Alt-F[2-6] in tty1, you will probably get tty[2-6].
down means that system has gone down, probably for reboot. The +1 means to add a day i.e. 24 hours.
Thanks allend,
Good point about having root open for over 24 hours. This is just a test server for learning purposes, and I will flatten in a couple of days and start over. That being said, no use getting in bad habits.
Both 'last' and 'w' don't show the remote user's IP. How is this done? Or would I see something different than 192.168.0.103 if I was remote?
In regards to 'netstat', should it be replaced by 'ss'? Also, what do the foreign IP connections mean which I show below in bold?
Thanks
Code:
[root@michaels myUserName]# ss
State   Recv-Q  Send-Q  Local Address:Port    Peer Address:Port
ESTAB   0       0       127.0.0.1:48938       127.0.0.1:6379
....
ESTAB   0       0       192.168.0.215:ssh     114.111.161.23:40312
....
ESTAB   0       52      192.168.0.215:ssh     192.168.0.103:62488
....
ESTAB   0       0       127.0.0.1:6379        127.0.0.1:49188
[root@michaels myUserName]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address               State
tcp   0      0      newlaptop.michaels.lan:ssh  218.51.174.61.dial.w:nimreg   TIME_WAIT
....
tcp   0      840    newlaptop.michaels.lan:ssh  218.51.174.61.dial.w:sabams   ESTABLISHED
tcp   0      0      newlaptop.michaels.lan:ssh  192.168.0.103:62488           ESTABLISHED
....
tcp   0      0      newlaptop.michaels.lan:ssh  114.111.161.23:50824          ESTABLISHED
....
tcp   0      0      localhost:6379              localhost:49188               ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags  Type   State  I-Node  Path
unix  2      [ ]    DGRAM         9390    @/org/kernel/udev/udevd
....
[root@michaels myUserName]#
You are getting similar information from 'ss' as you can get from 'netstat'.
There is also a connection from port 62488 on a remote host with IP address 192.168.0.103 to the ssh port (port 22) on the local host with IP address 192.168.0.215
Also, to find failed login attempts, check the /var/log/secure file, or
Code:
# utmpdump /var/log/btmp
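
Added example, not written by any poster in this thread: /var/log/wtmp and /var/log/btmp are sequences of fixed-size utmp records, and each login record has fields for the remote host name and address that the posts above ask about. This Python parser assumes the 384-byte glibc record layout on x86-64 Linux; `parse_logins`, `make_record` and the sample records are hypothetical names and constructed data.

```python
import ipaddress
import struct
import sys
from datetime import datetime, timezone

# Assumed layout: glibc struct utmp on x86-64 Linux, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
USER_PROCESS = 7  # ut_type of a normal login session

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def _addr(raw):
    """ut_addr_v6: IPv4 fills only the first 4 bytes; all zero means local."""
    if raw == bytes(16):
        return None
    return ipaddress.ip_address(raw[:4] if raw[4:] == bytes(12) else raw)

def parse_logins(data):
    """Return one dict per USER_PROCESS record in a wtmp/btmp byte string."""
    rows = []
    # Stepping by record size up to the last full record skips a truncated tail.
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        (ut_type, _pid, line, _id, user, host,
         _term, _exit, _sess, sec, _usec, addr) = UTMP.unpack_from(data, off)
        if ut_type != USER_PROCESS:
            continue
        ip = _addr(addr)
        rows.append({
            "user": _text(user), "line": _text(line), "host": _text(host),
            "ip": ip, "external": ip is not None and not ip.is_private,
            "time": datetime.fromtimestamp(sec, timezone.utc),
        })
    return rows

def make_record(ut_type, user, line, host, ip, sec):
    """Build one constructed record (sample data, not from a real log)."""
    addr = ipaddress.ip_address(ip).packed.ljust(16, b"\0") if ip else bytes(16)
    return UTMP.pack(ut_type, 1234, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, addr)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. /var/log/wtmp or /var/log/btmp
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:  # constructed sample: one LAN login, one from outside the LAN
        data = (make_record(7, "root", "pts/0", "", "192.168.0.103", 1400000000)
                + make_record(7, "demo", "pts/1", "", "114.111.161.23", 1400000200))
    for r in parse_logins(data):
        print(r["time"].isoformat(), r["user"], r["line"], r["ip"], r["external"])
```

The `external` flag is only a private-range check on the recorded address; entries in btmp are failed attempts, so an external address there is a rejected login rather than a session.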