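Linux user login records

Introduction

Servers very often expose a remote login port, which is why we care about user login records.

On Linux, information about user logins is recorded in files such as utmp (/var/run/utmp), wtmp (/var/log/wtmp), btmp (/var/log/btmp) and lastlog (/var/log/lastlog).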




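Viewing currently logged-in users

Commands such as who, w and users query the utmp (/var/run/utmp) file for information about the users who are currently logged in.

w

Shows the system uptime, the number of logged-in users, the load average and details for each logged-in user; this is the most detailed output of the three.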

<code> 11:25:23 up 36 min,  1 user,  load average: 0.00, 0.01, 0.02
USER     TTY      FROM                 LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/1    manjaro.example.com  11:15    3.00s  0.05s  0.00s w
</code>

who

User name, terminal, login time (host IP or the corresponding domain name).

<code>root     pts/1        2020-03-23 11:15 (manjaro.example.com)
</code>




users

This simply prints the names of the logged-in users with no other information, so the output is very concise.

<code>root
</code>

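Historical login information

The last and ac commands query the wtmp (/var/log/wtmp) file for information about users who are currently logged in or who logged in to the system in the past.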

last

<code>root     pts/0        manjaro.example. Mon Mar 23 11:26   still logged in
root     pts/1        gateway          Mon Mar 23 11:15 - 11:26  (00:11)
root     pts/0        gateway          Mon Mar 23 11:14 - 11:15  (00:00)
reboot   system boot  3.10.0-1062.18.1 Mon Mar 23 10:48 - 11:29  (00:41)
reboot   system boot  3.10.0-1062.18.1 Mon Mar 23 10:47 - 10:48  (00:00)
root     pts/0        gateway          Mon Mar 23 10:37 - down   (00:10)
root     pts/0        gateway          Mon Mar 23 10:37 - 10:37  (00:00)
reboot   system boot  3.10.0-957.el7.x Mon Mar 23 10:35 - 10:47  (00:11)

wtmp begins Mon Mar 23 10:35:50 2020
</code>

ac --debug

This command is not installed by default; it can be installed directly with yum:

<code>yum -y install psacct
</code>

<code>ac --debug
---------------------------------------------------------------------------
CURRENT REC: reboot |~ |2|~~ | 0|3.10.0-957.el7.x86_64 |Mon Mar 23 10:35:50 2020
/var/log/wtmp:1: problem: time warp (Thu Jan 1 08:00:00 1970 -> Mon Mar 23 10:35:50 2020)

---------------------------------------------------------------------------
CURRENT REC: runlevel |~ |1|~~ | 51|3.10.0-957.el7.x86_64 |Mon Mar 23 10:35:53 2020
---------------------------------------------------------------------------
CURRENT REC: |tty1 |5|tty1| 1814| |Mon Mar 23 10:35:53 2020
---------------------------------------------------------------------------
CURRENT REC: LOGIN |tty1 |6|tty1| 1814| |Mon Mar 23 10:35:53 2020
---------------------------------------------------------------------------
CURRENT REC: root |pts/0 |7|ts/0| 3641|gateway |Mon Mar 23 10:37:03 2020
**      pts/0 root Mon Mar 23 10:37:03 2020
---------------------------------------------------------------------------
CURRENT REC: |pts/0 |8| | 3637| |Mon Mar 23 10:37:07 2020
                                         0.00 root (logout)
---------------------------------------------------------------------------
CURRENT REC: root |pts/0 |7|ts/0| 3685|gateway |Mon Mar 23 10:37:24 2020
**      pts/0 root Mon Mar 23 10:37:24 2020
---------------------------------------------------------------------------
CURRENT REC: |tty1 |8|tty1| 1814| |Mon Mar 23 10:47:37 2020
/var/log/wtmp:8: problem: missing login record for `tty1'
**      pts/0 root Mon Mar 23 10:37:24 2020
---------------------------------------------------------------------------
CURRENT REC: shutdown |~ |1|~~ | 0|3.10.0-957.el7.x86_64 |Mon Mar 23 10:47:38 2020
                                         0.17 root (shutdown)
---------------------------------------------------------------------------
CURRENT REC: reboot |~ |2|~~ | 0|3.10.0-1062.18.1.el7.x86_64 |Mon Mar 23 10:47:46 2020
---------------------------------------------------------------------------
CURRENT REC: runlevel |~ |1|~~ | 51|3.10.0-1062.18.1.el7.x86_64 |Mon Mar 23 10:47:50 2020
---------------------------------------------------------------------------
CURRENT REC: |tty1 |5|tty1| 616| |Mon Mar 23 10:47:50 2020
---------------------------------------------------------------------------
CURRENT REC: LOGIN |tty1 |6|tty1| 616| |Mon Mar 23 10:47:50 2020
---------------------------------------------------------------------------
CURRENT REC: |tty1 |8|tty1| 616| |Mon Mar 23 10:47:59 2020
/var/log/wtmp:14: problem: missing login record for `tty1'
---------------------------------------------------------------------------
CURRENT REC: shutdown |~ |1|~~ | 0|3.10.0-1062.18.1.el7.x86_64 |Mon Mar 23 10:48:01 2020
---------------------------------------------------------------------------
CURRENT REC: reboot |~ |2|~~ | 0|3.10.0-1062.18.1.el7.x86_64 |Mon Mar 23 10:48:25 2020
---------------------------------------------------------------------------
CURRENT REC: runlevel |~ |1|~~ | 51|3.10.0-1062.18.1.el7.x86_64 |Mon Mar 23 10:48:27 2020
---------------------------------------------------------------------------
CURRENT REC: |tty1 |5|tty1| 617| |Mon Mar 23 10:48:27 2020
---------------------------------------------------------------------------
CURRENT REC: LOGIN |tty1 |6|tty1| 617| |Mon Mar 23 10:48:27 2020
---------------------------------------------------------------------------
CURRENT REC: root |pts/0 |7|ts/0| 8379|gateway |Mon Mar 23 11:14:46 2020
**      pts/0 root Mon Mar 23 11:14:46 2020
---------------------------------------------------------------------------
CURRENT REC: root |pts/1 |7|ts/1| 8401|gateway |Mon Mar 23 11:15:07 2020
**      pts/0 root Mon Mar 23 11:14:46 2020
**      pts/1 root Mon Mar 23 11:15:07 2020

---------------------------------------------------------------------------
CURRENT REC: |pts/0 |8| | 8376| |Mon Mar 23 11:15:45 2020
                                         0.02 root (logout)
**      pts/1 root Mon Mar 23 11:15:07 2020
---------------------------------------------------------------------------
CURRENT REC: |pts/1 |8| | 8398| |Mon Mar 23 11:26:51 2020
                                         0.20 root (logout)
---------------------------------------------------------------------------
CURRENT REC: root |pts/0 |7|ts/0| 8511|manjaro.example.com |Mon Mar 23 11:26:52 2020
**      pts/0 root Mon Mar 23 11:26:52 2020
---------------------------------------------------------------------------
CURRENT REC: |tty1 |8|tty1| 617| |Mon Mar 23 11:31:45 2020
/var/log/wtmp:25: problem: missing login record for `tty1'
**      pts/0 root Mon Mar 23 11:26:52 2020
---------------------------------------------------------------------------
CURRENT REC: shutdown |~ |1|~~ | 0|3.10.0-1062.18.1.el7.x86_64 |Mon Mar 23 11:31:47 2020
                                         0.08 root (shutdown)
---------------------------------------------------------------------------
CURRENT REC: reboot |~ |2|~~ | 0|3.10.0-1062.18.1.el7.x86_64 |Mon Mar 23 11:31:54 2020
---------------------------------------------------------------------------
CURRENT REC: runlevel |~ |1|~~ | 51|3.10.0-1062.18.1.el7.x86_64 |Mon Mar 23 11:31:56 2020
---------------------------------------------------------------------------
CURRENT REC: |tty1 |5|tty1| 605| |Mon Mar 23 11:31:56 2020
---------------------------------------------------------------------------
CURRENT REC: LOGIN |tty1 |6|tty1| 605| |Mon Mar 23 11:31:56 2020
---------------------------------------------------------------------------
CURRENT REC: root |pts/0 |7|ts/0| 1192|manjaro.example.com |Mon Mar 23 11:32:02 2020
**      pts/0 root Mon Mar 23 11:32:02 2020
                                         0.07 root (catch-up)
        total 0.53
</code>

Viewing failed login records




The lastb command queries the btmp (/var/log/btmp) file for information about all failed attempts to log in to the system.

lastb

<code>admin    ssh:notty    manjaro.example. Mon Mar 23 11:38 - 11:38  (00:00)
admin    ssh:notty    manjaro.example. Mon Mar 23 11:38 - 11:38  (00:00)
admin    ssh:notty    manjaro.example. Mon Mar 23 11:38 - 11:38  (00:00)

btmp begins Mon Mar 23 11:38:00 2020
</code>
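An added example, not part of the original article: wtmp and btmp are sequences of fixed-size binary utmp records, which is what last, ac and lastb decode. The Python sketch below parses that layout (assuming the 384-byte glibc struct utmp of x86_64 Linux), pairs logins with logouts by terminal line as in the ac --debug output above, and counts failed logins per source; the helper names, the pid 9001 and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

# Assumed layout: glibc `struct utmp` on x86_64 Linux, 384 bytes per record:
# type, pid, line, id, user, host, exit status, session, time, address, padding.
UTMP = struct.Struct("<h2xi32s4s32s256s2hi2i16s20x")
# Names for the numeric type column that `ac --debug` prints.
TYPES = {1: "RUN_LVL", 2: "BOOT_TIME", 5: "INIT_PROCESS",
         6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse(data):
    """Return one dict per complete record; a truncated tail is skipped."""
    out = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        t, pid, line, _, user, host, _, _, _, sec, *_ = UTMP.unpack_from(data, off)
        out.append({"type": TYPES.get(t, str(t)), "pid": pid, "line": cstr(line),
                    "user": cstr(user), "host": cstr(host), "time": sec})
    return out

def sessions(records):
    """Pair each USER_PROCESS with the next DEAD_PROCESS on the same line."""
    # Match on the line, not the pid (the logout pid differs); None = still logged in.
    live, done = {}, []
    for r in records:
        if r["type"] == "USER_PROCESS":
            live[r["line"]] = r
        elif r["type"] == "DEAD_PROCESS" and r["line"] in live:
            s = live.pop(r["line"])
            done.append((s["user"], s["line"], s["host"], r["time"] - s["time"]))
    return done + [(s["user"], s["line"], s["host"], None) for s in live.values()]

def failed_by_source(records):
    """Count btmp (failed login) records per (user, host) pair."""
    return Counter((r["user"], r["host"]) for r in records)

def rec(t, pid, line, user="", host="", sec=0):
    """Pack one record; used only to build the constructed samples below."""
    return UTMP.pack(t, pid, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, sec, 0, b"")

# Constructed samples mirroring the ac --debug and lastb output on this page.
T = 1584931023  # Mon Mar 23 10:37:03 2020 +0800
WTMP = (rec(7, 3641, "pts/0", "root", "gateway", T) + rec(8, 3637, "pts/0", sec=T + 4)
        + rec(7, 8401, "pts/1", "root", "gateway", T + 2284))
BTMP = rec(6, 9001, "ssh:notty", "admin", "manjaro.example.com", T + 3657) * 3
```

On a real host the same functions can be fed the bytes of /var/log/wtmp or /var/log/btmp read as root; a sudden jump in one (user, host) count from failed_by_source is the pattern worth alerting on.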

Last login record for every user

The lastlog command queries the lastlog (/var/log/lastlog) file for each user's most recent login.

lastlog

<code>Username         Port     From             Latest
root             pts/0    manjaro.example. Mon Mar 23 11:32:02 +0800 2020
bin                                        **Never logged in**
daemon                                     **Never logged in**
adm                                        **Never logged in**
lp                                         **Never logged in**
sync                                       **Never logged in**
shutdown                                   **Never logged in**
halt                                       **Never logged in**
mail                                       **Never logged in**
operator                                   **Never logged in**
games                                      **Never logged in**
ftp                                        **Never logged in**
nobody                                     **Never logged in**
systemd-network                            **Never logged in**
dbus                                       **Never logged in**
polkitd                                    **Never logged in**
sshd                                       **Never logged in**
postfix                                    **Never logged in**
chrony                                     **Never logged in**
jalright         pts/1                     Mon Mar 23 11:15:40 +0800 2020
</code>

