Linux - 查看用户登录记录
1,常用命令简介
有关用户登录的信息记录在 utmp(/var/run/utmp)、wtmp(/var/log/wtmp)、btmp(/var/log/btmp) 和 lastlog(/var/log/lastlog) 等文件中。
当前登录用户的信息: who、w 和 users 等命令查询,通过utmp(/var/run/utmp) 文件查询。
当前与过去登录系统的用户的信息:last 和 ac 命令查询,通过wtmp(/var/log/wtmp) 文件查询。
所有登录系统失败的用户的信息:lastb 命令查询,通过 btmp(/var/log/btmp) 文件查询。
用户最后一次登录的信息:lastlog 命令查询,通过 lastlog(/var/log/lastlog) 文件查询。
2,各个命令介绍和使用
下面依次对Linux查看用户登录记录命令who、w、users、last、ac、lastb、lastlog命令一一介绍。
- who命令:显示当前登录的用户信息
root@test:~# who
root tty1 2020-02-29 13:31
root pts/0 2020-05-06 14:31 (113.46.225.201)
root pts/1 2020-05-06 14:56 (113.46.225.201)
- w命令:显示登录的用户及其当前执行的任务
root@test:~# w
15:00:07 up 67 days, 1:30, 3 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 29Feb20 67days 0.03s 0.03s -bash
root pts/0 123.46.225.211 14:31 21:33 0.10s 0.10s -bash
root pts/1 123.46.225.211 14:56 3.00s 0.03s 0.00s w`
- users 命令:显示当前当登录的用户的用户名
root@test:~# users
root root root
- last 命令:显示当前与过去登录系统的用户的信息
root@test:~# last
root pts/1 123.46.225.211 Wed May 6 14:56 still logged in
root pts/0 123.46.225.211 Wed May 6 14:31 still logged in
root pts/1 123.46.225.211 Mon May 4 10:57 - 05:09 (18:11)
root pts/0 123.46.225.211 Mon May 4 10:51 - 03:05 (16:14)
root pts/1 123.46.225.211 Mon May 4 00:20 - 05:14 (04:53)
root pts/0 123.46.225.211 Sun May 3 20:27 - 05:14 (08:46)
root pts/2 123.46.225.211 Sun May 3 15:19 - 20:11 (04:51)
root pts/1 123.46.225.211 Sun May 3 14:49 - 20:11 (05:22)
root pts/0 123.46.225.211 Sun May 3 12:39 - 20:11 (07:31)
- ac命令:用户连接时间的统计数据(-d -p)
root@test:~# ac
total 67.48
- lastb 命令:显示所有登录系统失败的用户的信息
root ssh:notty 113.46.225.201 Wed May 6 14:30 - 14:30 (00:00)
ssh:notty 65.49.20.66 Wed May 6 09:25 - 09:25 (00:00)
docker ssh:notty 47.92.111.243 Wed May 6 07:07 - 07:07 (00:00)
docker ssh:notty 47.92.111.243 Wed May 6 07:07 - 07:07 (00:00)
centos ssh:notty 47.92.111.243 Wed May 6 06:20 - 06:20 (00:00)
centos ssh:notty 47.92.111.243 Wed May 6 06:20 - 06:20 (00:00)
root ssh:notty 182.106.90.244 Tue May 5 10:39 - 10:39 (00:00)
admin ssh:notty 121.202.77.228 Tue May 5 05:12 - 05:12 (00:00)
admin ssh:notty 121.202.77.228 Tue May 5 05:11 - 05:11 (00:00)
admin ssh:notty 41.218.200.74 Tue May 5 05:11 - 05:11 (00:00)
admin ssh:notty 41.218.200.74 Tue May 5 05:11 - 05:11 (00:00)
root ssh:notty 45.67.15.97 Mon May 4 13:19 - 13:19 (00:00)
admin ssh:notty 156.211.0.184 Sun May 3 22:47 - 22:47 (00:00)
admin ssh:notty 156.211.0.184 Sun May 3 22:47 - 22:47 (00:00)
ssh:notty 139.162.122.110 Sun May 3 06:58 - 06:58 (00:00)
admin ssh:notty 61.91.35.34 Sat May 2 19:55 - 19:55 (00:00)
admin ssh:notty 61.91.35.34 Sat May 2 19:55 - 19:55 (00:00)
root ssh:notty 45.67.15.100 Sat May 2 17:52 - 17:52 (00:00)
admin ssh:notty 113.172.137.219 Sat May 2 03:13 - 03:13 (00:00)
admin ssh:notty 113.172.137.219 Sat May 2 03:13 - 03:13 (00:00)
admin ssh:notty 103.213.239.126 Sat May 2 03:13 - 03:13 (00:00)
admin ssh:notty 103.213.239.126 Sat May 2 03:13 - 03:13 (00:00)
- lastlog 命令:显示用户最后一次登录的信息
root@test:~# lastlog
Username Port From Latest
root pts/1 123.46.225.211 Wed May 6 14:56:55 +0800 2020
daemon **Never logged in**
bin **Never logged in**
sys **Never logged in**
sync **Never logged in**
games **Never logged in**
man **Never logged in**
lp **Never logged in**
mail **Never logged in**
各个命令的详细用法可通过[man 命令名]进行查阅,如下所示
root@iZ8vbi53w9kxhwcej5jdhpZ:~# man who
WHO(1) User Commands WHO(1)
NAME
who - show who is logged on
SYNOPSIS
who [OPTION]... [ FILE | ARG1 ARG2 ]
参考资料: https://www.cnblogs.com/huey/p/4494365.html