Linux uses the three standard commands last, lastb and lastlog to display information about the last logged in users, including the failed login attempts. The output of these commands includes the login name, the last login time, the IP address, the port and the login duration.
Command | Log file | Function |
---|---|---|
last | /var/log/wtmp | Lists the successful history of login and logout |
lastb | /var/log/btmp | Shows the incorrect logon attempts |
lastlog | /var/log/lastlog | Displays the latest login |
This can be tested directly by trial and error.
However, to preserve anonymity, it may be useful to delete the last login history.
As shown in the table, the information about the most recently logged in users, including failed logon attempts, is stored in specific binary files that root cannot edit by hand but can easily delete.
Thus, the information can be easily removed by deleting the files as follows.
# echo > /var/log/wtmp
# echo > /var/log/btmp
# echo > /var/log/lastlog
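
Seen from the detection side, these commands do not leave a valid empty record file: `echo >` writes a single newline byte, so the file size is no longer a whole number of records. The check below is an added example, not part of the original page, that flags login-accounting files in that state. It assumes glibc Linux record sizes (384 bytes for wtmp/btmp, 292 bytes for lastlog); the function name `classify_login_log` is hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: flag login-accounting files that look wiped or truncated.
# Assumption: glibc Linux record sizes, 384 bytes per wtmp/btmp entry
# (struct utmp) and 292 bytes per lastlog entry (struct lastlog).

# classify_login_log FILE RECSIZE  (hypothetical helper name)
# Prints one of: MISSING, UNREADABLE, EMPTY, MISALIGNED, OK
classify_login_log() {
    file=$1
    recsize=$2
    if [ ! -e "$file" ]; then echo MISSING; return 0; fi
    if [ ! -r "$file" ]; then echo UNREADABLE; return 0; fi
    size=$(wc -c < "$file" | tr -d ' ')
    if [ "$size" -eq 0 ]; then
        # Also the normal state right after rotation: correlate with
        # logrotate activity and the file's mtime before alerting.
        echo EMPTY
    elif [ $((size % recsize)) -ne 0 ]; then
        # Not a whole number of records, e.g. the single newline byte
        # that `echo > file` leaves behind.
        echo MISALIGNED
    else
        echo OK
    fi
}

# Demo on constructed sample files in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    dd if=/dev/zero of="$dir/wtmp" bs=384 count=3 2>/dev/null  # 3 blank records
    echo > "$dir/btmp"      # the page's command, applied to a sample file
    touch "$dir/lastlog"    # zero-length file
    for entry in wtmp:384 btmp:384 lastlog:292; do
        name=${entry%%:*}
        printf '%-8s %s\n' "$name" \
            "$(classify_login_log "$dir/$name" "${entry##*:}")"
    done
    rm -rf "$dir"
}
demo
```

On a live system the same function can be pointed at /var/log/wtmp, /var/log/btmp and /var/log/lastlog as root. Forwarding authentication events to a remote log host keeps a copy that local truncation does not reach.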