How to use the command 'lastb' (with examples)

The 'lastb' command is used to display a listing of the last logged in users. It provides information about the user, the terminal from which the user logged in, the date and time of the login attempt, and the IP address from which the user attempted to log in. It also provides the status of the login attempt, whether it was successful or failed.

Use case 1: Show a list of all last logged in users

Code:

sudo lastb

Motivation:

This use case is helpful when you want to get a quick overview of the last logged in users on your system. It allows you to see who has recently attempted to log in and provides information about their login attempts.

Explanation:

  • sudo: The 'lastb' command usually requires superuser privileges to access the login logs, hence the 'sudo' prefix is used to run the command with root privileges.

Example output:

user1    tty1                     Tue May 25 21:32 - failed (invalid password)
user2    pts/0        192.168.1.10 Tue May 25 17:45 - failed (invalid password)
user3    pts/0        192.168.1.20 Tue May 25 10:15 - failed (invalid password)

Use case 2: Show a list of all last logged in users since a given time

Code:

sudo lastb --since YYYY-MM-DD

Motivation:

This use case is useful if you want to see the login attempts since a specific date. It allows you to filter the list of logged in users to show only the ones who attempted to log in after the specified date.

Explanation:

  • --since YYYY-MM-DD: This option is used to filter the results based on the specified date. It only shows the login attempts that occurred after the specified date.

Example output:

user1    tty1                     Wed May 26 18:45 - failed (invalid password)
user2    pts/0        192.168.1.10 Wed May 26 09:30 - failed (invalid password)
user3    pts/0        192.168.1.20 Wed May 26 06:15 - failed (invalid password)

Use case 3: Show a list of all last logged in users until a given time

Code:

sudo lastb --until YYYY-MM-DD

Motivation:

This use case is helpful if you want to see the login attempts up until a specific date. It allows you to filter the list of logged in users to show only the ones who attempted to log in before the specified date.

Explanation:

  • --until YYYY-MM-DD: This option is used to filter the results based on the specified date. It only shows the login attempts that occurred before the specified date.

Example output:

user1    tty1                     Tue May 25 21:32 - failed (invalid password)
user2    pts/0        192.168.1.10 Tue May 25 17:45 - failed (invalid password)
user3    pts/0        192.168.1.20 Tue May 25 10:15 - failed (invalid password)

Use case 4: Show a list of all logged in users at a specific time

Code:

sudo lastb --present hh:mm

Motivation:

This use case is useful if you want to see the login attempts at a specific time. It allows you to filter the list of logged in users to show only the ones who attempted to log in at the specified time.

Explanation:

  • --present hh:mm: This option is used to filter the results based on the specified time. It only shows the login attempts that occurred exactly at the specified time.

Example output:

user1    tty1                     Tue May 25 21:32 - failed (invalid password)

Use case 5: Show a list of all last logged in users and translate the IP into a hostname

Code:

sudo lastb --dns

Motivation:

This use case is helpful if you want to see the login attempts along with the hostname associated with the IP address from which the user attempted to log in. It makes the source of each login attempt easier to identify.

Explanation:

  • --dns: This option is used to translate the IP addresses into hostnames. It uses DNS to resolve the IP addresses and replaces them with the corresponding hostnames in the output.

Example output:

user1    tty1                     Tue May 25 21:32 - failed (invalid password)
user2    pts/0        hostname1    Tue May 25 17:45 - failed (invalid password)
user3    pts/0        hostname2    Tue May 25 10:15 - failed (invalid password)

Conclusion:

The 'lastb' command is a useful tool for viewing the last logged in users and their login attempts. It allows you to filter the results based on time and provides additional information such as the IP addresses and hostname resolutions. Understanding how to use the various options of the 'lastb' command helps in monitoring and analyzing login activities on a system.
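
For monitoring, the listing is more useful when aggregated by source. lastb reads the bad-login record (/var/log/btmp by default), so each line is one failed attempt. The following is an added example, not part of the original article: it counts attempts and distinct usernames per source and flags sources at or above a threshold. The function names, the default threshold of 3 and the sample lines (constructed in the layout shown above) are assumptions.

```shell
#!/bin/sh
# Added example: summarize `lastb` output per source address.
# Real use: sudo lastb | summarize_lastb 5
# Output columns: source  attempts  distinct_users  status

summarize_lastb() {
    threshold="${1:-3}"   # assumed default; tune for your environment
    awk -v t="$threshold" '
        # Skip blank lines and the "btmp begins ..." trailer that lastb prints.
        NF < 4 || $1 == "btmp" { next }
        {
            # For local logins the host column is empty, so field 3 is the
            # weekday; label those by terminal instead of misreading the date.
            src = ($3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) ? "local:" $2 : $3
            count[src]++
            # Count each username once per source: many names from one
            # address suggests guessing rather than a user mistyping.
            if (!((src, $1) in seen)) { seen[src, $1] = 1; users[src]++ }
        }
        END {
            for (s in count)
                printf "%s %d %d %s\n", s, count[s], users[s],
                       (count[s] >= t ? "ALERT" : "ok")
        }
    ' | LC_ALL=C sort -k2,2nr -k1,1
}

# Constructed sample input (not real log data), including a local tty
# entry with no host and the trailer line.
sample_lastb() {
    cat <<'EOF'
root     pts/0        192.168.1.10 Tue May 25 17:45 - failed (invalid password)
admin    pts/0        192.168.1.10 Tue May 25 17:44 - failed (invalid password)
user2    pts/0        192.168.1.10 Tue May 25 17:43 - failed (invalid password)
user2    pts/0        192.168.1.10 Tue May 25 17:42 - failed (invalid password)
user3    pts/0        192.168.1.20 Tue May 25 10:15 - failed (invalid password)
user1    tty1                     Tue May 25 21:32 - failed (invalid password)

btmp begins Tue May 25 10:15:01 2021
EOF
}

sample_lastb | summarize_lastb 3
```

Combine it with the time filters above, for example `sudo lastb --since YYYY-MM-DD | summarize_lastb 10`, to limit the summary to a window.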
