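This article briefly describes how to view user login records on an ECS Linux cloud server.
Key points:
User login information is usually recorded in files such as utmp (/var/run/utmp), wtmp (/var/log/wtmp), btmp (/var/log/btmp) and lastlog (/var/log/lastlog).
Commands such as who, w and users read the utmp (/var/run/utmp) file to report on the users who are currently logged in.
The last and ac commands read the wtmp (/var/log/wtmp) file to report on users who are logged in now or were logged in previously.
The lastb command reads the btmp (/var/log/btmp) file to report on all failed login attempts.
The lastlog command reads the lastlog (/var/log/lastlog) file to report each user's most recent login.
1. who command: shows information about the users who are currently logged in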
who
root pts/0 2015-05-16 12:09 (182.92.253.20)
root pts/1 2015-05-16 12:54 (182.92.253.20)
root pts/2 2015-05-16 13:21 (182.92.253.20)
root pts/3 2015-05-16 13:21 (182.92.253.20)
2. w command: shows the logged-in users and the tasks they are currently running
w
15:41:39 up 5 days, 1:51, 7 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 182.92.253.20 12:09 2:14m 0.05s 0.05s mysql -ujacky -px xxxx
root pts/1 182.92.253.20 12:54 34:49 0.35s 0.35s mysql -ujacky -px xxxx
root pts/2 182.92.253.20 13:21 2:13m 0.00s 0.00s -bash
3. users command: shows the user names of the users who are currently logged in
users
root root root root root root root
4. last command: shows information about users who are logged in now or were logged in previously
# last
root pts/6 182.92.253.20 Sat May 16 15:31 still logged in
root pts/5 182.92.253.20 Sat May 16 15:25 still logged in
root pts/4 182.92.253.20 Sat May 16 15:07 still logged in
root pts/3 182.92.253.20 Sat May 16 13:21 still logged in
5. lastb command: shows information about all failed login attempts
lastb
root ssh:notty 46.17.40.55 Sat May 16 02:06 - 02:06 (00:00)
root ssh:notty 206.221.188.50 Sat May 16 02:06 - 02:06 (00:00)
root ssh:notty 95.173.184.2 Sat May 16 01:58 - 01:58 (00:00)
6. lastlog command: shows each user's most recent login
# lastlog
Username Port From Latest
root pts/6 182.92.253.20 Sat May 16 15:31:48 +0800 2015
bin **Never logged in**
daemon **Never logged in**
7. Viewing login records in the secure file
cat /var/log/secure
Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21418]: Accepted password for root from 42.120.74.106 port 32907 ssh2
Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21418]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21420]: Accepted password for root from 42.120.74.106 port 33969 ssh2
Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21420]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21420]: subsystem request for sftp by user root
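
The sshd entries in the secure file from section 7 can be tallied by result, source address and user. The script below is an added example, not part of the original article; it assumes the traditional syslog line layout shown above, and the host name, addresses and "Failed password" lines in its sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original article).
# Summarize sshd password logins from a secure-format log.
# Output lines: "<count> <Accepted|Failed> <source-ip> <user>"
summarize_secure() {
    awk '
    # Match on fixed leading positions so text inside a user name cannot
    # be mistaken for the result keyword.
    $5 ~ /^sshd\[[0-9]+\]:$/ && ($6 == "Accepted" || $6 == "Failed") &&
    $7 == "password" && $8 == "for" &&
    $(NF-4) == "from" && $(NF-2) == "port" {
        # The user name is client-supplied and may contain spaces, so the
        # source address is taken relative to the END of the line.
        first = 9
        if ($9 == "invalid" && $10 == "user") first = 11
        user = ""
        for (i = first; i <= NF - 5; i++)
            user = user (user == "" ? "" : " ") $i
        count[$6 " " $(NF-3) " " user]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k2,2 -k1,1nr -k3
}

# Constructed sample input (documentation addresses, hypothetical host name).
sample_log() {
    cat <<'EOF'
Jun  9 08:42:10 host1 sshd[21418]: Accepted password for root from 192.0.2.10 port 32907 ssh2
Jun  9 08:42:10 host1 sshd[21418]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun  9 08:43:01 host1 sshd[21500]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  9 08:43:03 host1 sshd[21500]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  9 08:43:09 host1 sshd[21511]: Failed password for invalid user admin from 203.0.113.7 port 40230 ssh2
Jun  9 08:43:15 host1 sshd[21520]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.9 port 40555 ssh2
EOF
}

# Stand-alone run on the sample; on a server: summarize_secure /var/log/secure
sample_log | summarize_secure
```

The last sample line has a user name that itself contains "from 192.0.2.10"; because the address is read from the end of the line, the attempt is still attributed to 198.51.100.9.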