System information
$ cat /etc/centos-release
CentOS Linux release 7.7.1908 (Core)
$ uname --kernel-release
3.10.0-1062.el7.x86_64
Viewing user login information
Show the currently logged-in users and their processes:
$ w
20:18:08 up 13 min, 2 users, load average: 0.00, 0.08, 0.14
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 20:07 3:20 0.05s 0.05s -bash
root pts/0 192.168.88.1 20:07 0.00s 0.02s 0.00s w
Description of the command:
NAME
w - Show who is logged on and what they are doing.
SYNOPSIS
w [options] user [...]
DESCRIPTION
w displays information about the users currently on the machine, and their processes. The header shows, in this order, the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.
The following entries are displayed for each user: login name, the tty name, the remote host, login time, idle time, JCPU, PCPU, and the command line of their current process.
The JCPU time is the time used by all processes attached to the tty. It does not include past background jobs, but does include currently running background jobs.
The PCPU time is the time used by the current process, named in the "what" field.
FILES
/var/run/utmp
information about who is currently logged on
/proc process information
SEE ALSO
free(1), ps(1), top(1), uptime(1), utmp(5), who(1)
Show the time of the last system boot and the currently logged-in users:
$ who --heading --boot --users
NAME LINE TIME IDLE PID COMMENT
system boot 2020-12-22 20:04
root tty1 2020-12-22 20:07 00:09 749
root pts/0 2020-12-22 20:07 . 1401 (192.168.88.1)
- Line 2: the time of the last system boot;
- Lines 3 and 4: the currently logged-in users.
Description of the command and some of its options:
NAME
who - show who is logged on
SYNOPSIS
who [OPTION]... [ FILE | ARG1 ARG2 ]
DESCRIPTION
Print information about users who are currently logged in.
-b, --boot
time of last system boot
-H, --heading
print line of column headings
-u, --users
list users logged in
Show recently logged-in users:
$ last -a
root pts/1 Tue Dec 22 22:54 - 22:55 (00:00) 192.168.88.1
root pts/0 Tue Dec 22 20:07 still logged in 192.168.88.1
root tty1 Tue Dec 22 20:07 still logged in
reboot system boot Tue Dec 22 20:04 - 22:55 (02:50) 3.10.0-1062.el7.x86_64
root pts/0 Fri May 15 19:38 - crash (221+00:25) 192.168.88.1
root tty1 Fri May 15 19:28 - 19:39 (00:11)
reboot system boot Fri May 15 19:27 - 22:55 (221+03:27) 3.10.0-1062.el7.x86_64
wtmp begins Fri May 15 19:27:23 2020
Show recent failed login attempts:
$ lastb -a
root ssh:notty Tue Dec 22 22:54 - 22:54 (00:00) 192.168.88.1
btmp begins Tue Dec 22 22:54:31 2020
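Note: lastb is much like last, except that lastb shows the records in the /var/log/btmp file, which contains information about failed logins, whereas last shows the records in the /var/log/wtmp file.
If lastb cannot find the /var/log/btmp file, running the command produces the following message: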
lastb: /var/log/btmp: No such file or directory
Perhaps this file was removed by the operator to prevent logging lastb info.
Run touch /var/log/btmp to create the /var/log/btmp file. Then set the file's owner, group, and permissions so that only root can read it:
$ chown root:utmp /var/log/btmp
$ chmod 600 /var/log/btmp
The file's owner, group, and permissions:
$ ll /var/log/btmp
-rw-------. 1 root utmp 384 Dec 23 00:00 /var/log/btmp
Description of the commands and some of their options:
NAME
last, lastb - show listing of last logged in users
SYNOPSIS
last [-R] [-num] [ -n num ] [-adFiowx] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...] [tty...]
lastb [-R] [-num] [ -n num ] [ -f file ] [-adFiowx] [name...] [tty...]
DESCRIPTION
Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. Names of users and tty's can be given, in which case last will show only those entries matching the arguments. Names of ttys can be abbreviated, thus last 0 is the same as last tty0.
When last catches a SIGINT signal (generated by the interrupt key, usually control-C) or a SIGQUIT signal (generated by the quit key, usually control-\), last will show how far it has searched through the file; in the case of the SIGINT signal last will then terminate.
The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was created.
Lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
OPTIONS
-f file
Tells last to use a specific file instead of /var/log/wtmp.
-num This is a count telling last how many lines to show.
-n num The same.
-a Display the hostname in the last column. Useful in combination with the next flag.
-F Print full login and logout times and dates.
NOTES
The files wtmp and btmp might not be found. The system only logs information in these files if they are present. This is a local configuration issue. If you want the files to be used, they can be created with a simple touch(1) command (for example, touch /var/log/wtmp).
FILES
/var/log/wtmp
/var/log/btmp
SEE ALSO
shutdown(8), login(1), init(8)
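An added example (not part of the original post): last and lastb read fixed-size binary struct utmp records, 384 bytes each on x86_64 Linux with glibc, which is consistent with the 384-byte btmp file shown above after a single failed login. The Python code below parses such records directly, which is useful when working from a copied log file, and counts failed logins per user and source host. The record layout is an assumption tied to that platform, and SAMPLE, make_record and the other helper names are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# struct utmp as laid out by glibc on x86_64 Linux (utmp(5)): 384 bytes per record.
# Fields: ut_type, pad, ut_pid, ut_line, ut_id, ut_user, ut_host, ut_exit (2 shorts),
# ut_session, tv_sec, tv_usec, ut_addr_v6 (4 words), 20 unused bytes.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4I20x")

def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(data):
    """Yield one dict per complete record in a utmp/wtmp/btmp image."""
    whole = len(data) - len(data) % UTMP.size
    for off in range(0, whole, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield {"type": f[0], "pid": f[1], "line": cstr(f[2]), "user": cstr(f[4]),
               "host": cstr(f[5]), "time": datetime.fromtimestamp(f[9], timezone.utc)}

def trailing_bytes(data):
    """Bytes left after the last whole record; non-zero means truncation or damage."""
    return len(data) % UTMP.size

def failures_by_source(data):
    """Count btmp records per (user, host), most frequent first."""
    return Counter((r["user"], r["host"]) for r in parse_utmp(data)).most_common()

def make_record(user, line, host, epoch, ut_type=6, pid=1500):
    """Build one constructed record for this demo; ut_type 6 is LOGIN_PROCESS."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, epoch, 0, 0, 0, 0, 0)

# Constructed sample (not real log data): three failed SSH logins.
SAMPLE = b"".join([
    make_record("root", "ssh:notty", "192.168.88.1", 1608648871),
    make_record("admin", "ssh:notty", "203.0.113.7", 1608648900),
    make_record("root", "ssh:notty", "192.168.88.1", 1608648930),
])

if __name__ == "__main__":
    # On a real host (as root): data = open("/var/log/btmp", "rb").read()
    print("trailing bytes:", trailing_bytes(SAMPLE))
    for (user, host), n in failures_by_source(SAMPLE):
        print(f"{n:3d} failed  user={user}  from={host}")
```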
Report the most recent login of each user:
$ lastlog
Username Port From Latest
root pts/1 192.168.88.1 Tue Dec 22 22:54:40 +0800 2020
bin **Never logged in**
daemon **Never logged in**
adm **Never logged in**
lp **Never logged in**
sync **Never logged in**
shutdown **Never logged in**
halt **Never logged in**
mail **Never logged in**
operator **Never logged in**
games **Never logged in**
ftp **Never logged in**
nobody **Never logged in**
systemd-network **Never logged in**
dbus **Never logged in**
polkitd **Never logged in**
sshd **Never logged in**
postfix **Never logged in**
mk **Never logged in**
**Never logged in** means that the user has never logged in.
Clear the last-login record of a specified user:
$ lastlog --clear --user root
Description of the command and some of its options:
NAME
lastlog - reports the most recent login of all users or of a given user
SYNOPSIS
lastlog [options]
DESCRIPTION
lastlog formats and prints the contents of the last login log /var/log/lastlog file. The login-name, port, and last login time will be printed. The default (no flags) causes lastlog entries to be printed, sorted by their order in /etc/passwd.
OPTIONS
The options which apply to the lastlog command are:
-b, --before DAYS
Print only lastlog records older than DAYS.
-C, --clear
Clear lastlog record of a user. This option can be used only together with -u (--user)).
-u, --user LOGIN|RANGE
Print the lastlog record of the specified user(s).
The users can be specified by a login name, a numerical user ID, or a RANGE of users. This RANGE of users can be specified with a min and max values (UID_MIN-UID_MAX), a max value (-UID_MAX), or a min value (UID_MIN-).
If the user has never logged in the message ** Never logged in** will be displayed instead of the port and time.
Only the entries for the current users of the system will be displayed. Other entries may exist for users that were deleted previously.
NOTE
The lastlog file is a database which contains info on the last login of each user. You should not rotate it. It is a sparse file, so its size on the disk is usually much smaller than the one shown by "ls -l" (which can indicate a really big file if you have in passwd users with a high UID). You can display its real size with "ls -s".
FILES
/var/log/lastlog
Database times of previous user logins.
CAVEATS
Large gaps in UID numbers will cause the lastlog program to run longer with no output to the screen (i.e. if in lastlog database there is no entries for users with UID between 170 and 800 lastlog will appear to hang as it processes entries with UIDs 171-799).
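An added example (not part of the original post or of the lastlog tool itself): the lastlog file stores one fixed-size record per UID at offset UID × record size, which is why it is sparse and why large UID gaps slow the scan. The Python code below reads the slots directly and lists UIDs that have a last-login record but no current account, entries the lastlog command does not display. The 292-byte layout (32-bit time, 32-byte line, 256-byte host) is an assumption for x86_64 Linux with glibc, and the function names and sample values are constructed.

```python
import os
import struct
import tempfile
from datetime import datetime, timezone

# struct lastlog on x86_64 Linux glibc: int32 ll_time, ll_line[32], ll_host[256].
# The record for a user lives at offset UID * 292, so unused UIDs are file holes.
LASTLOG = struct.Struct("<i32s256s")

def read_lastlog(path):
    """Return {uid: (time, line, host)} for every non-empty slot in the file."""
    found = {}
    with open(path, "rb") as fh:
        uid = 0
        while True:
            chunk = fh.read(LASTLOG.size)
            if len(chunk) < LASTLOG.size:
                break
            sec, line, host = LASTLOG.unpack(chunk)
            if sec:  # a zero time marks a slot that was never written or was cleared
                found[uid] = (datetime.fromtimestamp(sec, timezone.utc),
                              line.split(b"\0", 1)[0].decode("utf-8", "replace"),
                              host.split(b"\0", 1)[0].decode("utf-8", "replace"))
            uid += 1
    return found

def orphaned(records, known_uids):
    """UIDs that have a last-login record but no current account."""
    return sorted(set(records) - set(known_uids))

def build_sample(path):
    """Write a constructed lastlog: root (UID 0) and a since-deleted UID 1000."""
    with open(path, "wb") as fh:
        for uid, host in ((0, "192.168.88.1"), (1000, "203.0.113.7")):
            fh.seek(uid * LASTLOG.size)
            fh.write(LASTLOG.pack(1608648880, b"pts/1", host.encode()))

def demo():
    """Build the sample, parse it, and return (apparent size, records, orphaned UIDs)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "lastlog")
        build_sample(path)
        recs = read_lastlog(path)
        # On a real host: known_uids = [p.pw_uid for p in pwd.getpwall()]
        return os.path.getsize(path), recs, orphaned(recs, known_uids=[0])

if __name__ == "__main__":
    size, recs, orphans = demo()
    print("apparent size:", size, "records:", sorted(recs), "orphaned UIDs:", orphans)
```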