Check login activity

CASE #1 – Checking “PHYSICAL” login activity. Use these commands

a.) For checking successful login attempts

last

b.) For checking un-successful login attempts

lastb

CASE #2 – Checking the REMOTE login activity.

cat /var/log/secure* | grep i accepted --color
* is to read from the backup logs also omit if you don’t want to see those. This will show ALL successful remote login attempts.
cat /var/log/secure | grep i sshd --color
This will show all successful remote login attempts using SSH.

God Bless.

Advertisements