Identifying Who is Logging Into Your Linux Servers

If you want a report of who is logging into your Linux server and how often, the commands discussed in this post will help. Linux records logins in a log file, and the data is easy to extract once you have a few commands that pick out the relevant fields.

First, note that root permissions are not necessary to gather this data. It is kept in the wtmp file, which stores login records, and every user can read this file. Below is an example of a command that shows the file permissions. All users have read access, but only root and members of the privileged group have write permission:

To view the contents of the file, you would typically use the who command (e.g., who /var/log/wtmp). On a busy server, however, this command can produce hundreds of lines of output. Below are a few sample lines from piping the output of the who command to the head command:

You can count the entries by piping the output of the who command to the wc -l command (e.g., who /var/log/wtmp | wc -l). For an overview of which users log in and how often, a command such as this yields a per-user login count:

The command above sorts the file’s lines, restricts the display to the first field (the user’s name), and counts the lines for each distinct user. You can also set up an alias that delivers counts such as these:

Although the command does not reveal how long each user was logged in, it shows how frequently users log into the system.
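The per-user count described above, written out as an added example (it is not the original post's command). It also goes one step further and breaks the counts down per day. The function names and the sample lines are constructed for illustration, and it assumes who prints the user name in field 1 and an ISO date in field 3.

```shell
#!/bin/sh
# Added example: summarise `who /var/log/wtmp` output per user.
# Assumes the user name is field 1 and an ISO date (YYYY-MM-DD) is field 3,
# the usual `who` layout; other locales may print the date differently.

# Count logins per user, busiest account first (ties ordered by name).
login_counts() {
    awk 'NF { n[$1]++ } END { for (u in n) print n[u], u }' |
        sort -k1,1nr -k2,2
}

# Count logins per user per day, ordered by user and then by date.
logins_per_day() {
    awk 'NF >= 3 { n[$1 " " $3]++ } END { for (k in n) print n[k], k }' |
        sort -k2,2 -k3,3
}

# Constructed sample in `who` format (not real log data).
sample_who() {
    cat <<'EOF'
alice    pts/0        2024-04-01 08:12 (192.0.2.10)
bob      pts/1        2024-04-01 09:30 (192.0.2.22)
alice    pts/2        2024-04-01 17:40 (192.0.2.10)
carol    tty2         2024-04-02 10:41
alice    pts/0        2024-04-02 08:05 (192.0.2.10)
bob      pts/1        2024-04-03 13:15 (192.0.2.22)
EOF
}

sample_who | login_counts
sample_who | logins_per_day
# On a real server: who /var/log/wtmp | login_counts
```

A day with many more logins than usual for one account, or an account that appears in the counts but should be dormant, is the kind of entry worth following up.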

To find out how long currently logged-in users have been active, use the ‘last’ command.

The ‘w’ command shows when the currently active users logged in and how long they have been idle.

The load averages displayed in the first line of output indicate how much computational work the system is doing. Ideally, all of these figures should be less than the number of CPUs in the system. Larger figures indicate a problem or a machine under heavy load.

The ac -p command reports how long each user has been logged in, as a number of hours.

When you manage Linux servers, it is essential to understand how heavily they are used and which users place the heaviest load on them. Your busiest servers may need more supervision and more interaction with your users.
