Linux is an open-source operating system that is used by millions of users worldwide. It is known for its security, reliability, and flexibility. As a system administrator, it is important to keep track of user logins to ensure the security and integrity of your system. In this article, we will discuss how to monitor user logins on Linux.
- Use the last command
The last command is a built-in command in Linux that displays a list of the last logged-in users, read from the /var/log/wtmp file. It shows the username, terminal, IP address, and login time of each user. To use the last command, simply open the terminal and type “last” followed by the Enter key. You can filter the results by username with the command “last username”. The arguments to last are matched against usernames and terminals only, so to filter by IP address, pipe the output through grep: “last -i | grep IP-address”.
- Use the who command
The who command is another built-in command in Linux that displays a list of the currently logged-in users. It shows the username, terminal, and login time of each user. To use the who command, simply open the terminal and type “who” followed by the Enter key.
- Use the journalctl command
The journalctl command is a command-line utility that allows you to view the system logs on Linux. It provides a detailed record of system events, including user logins. To use the journalctl command to view user logins, type “journalctl _SYSTEMD_UNIT=systemd-logind.service” followed by the Enter key. This will display a list of user logins along with other system events.
- Use the auditd tool
The auditd tool is a powerful auditing system that is built into Linux. It allows you to monitor system events, including user logins. To use the auditd tool to monitor user logins, you need to first install it on your system. Once installed, you can use the following commands to enable auditing and view the audit logs:
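- To enable auditing, type “sudo auditctl -a exit,always -F arch=b64 -S execve” followed by the Enter key. This will audit all executed commands on your system. Note that this rule records command execution (64-bit execve calls), not logins, and it can produce a large volume of records; login events are reported by the login programs themselves (for example sshd) whenever auditing is enabled, without any extra rule.
- To view the audit logs, type “sudo ausearch -m USER_LOGIN -ts recent” followed by the Enter key. This will display the USER_LOGIN audit records from the last ten minutes (“recent” means ten minutes ago in ausearch); choose another value for -ts, such as “today”, to look further back.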
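As an added example (not part of the original article), the shell function below summarises USER_LOGIN audit records per source address, so that repeated failures from one address stand out. The function names login_summary and sample_records and the sample records are constructed for illustration; the record layout assumes the raw format written by sshd to the audit log.

```shell
#!/bin/sh
# Added example. login_summary and sample_records are hypothetical names.
# Reads raw USER_LOGIN audit records on stdin and prints, per source address:
#   <addr> failed=<n> accounts=<distinct accounts that failed> ok=<n>
# Only addresses with at least $1 failed logins are shown (default 3).
login_summary() {
    awk -v min="${1:-3}" '
    # Value of key=value inside the record, with double quotes stripped.
    function field(key,    s) {
        if (!match($0, "[ \047]" key "=[^ \047]+")) return "?"
        s = substr($0, RSTART + length(key) + 2, RLENGTH - length(key) - 2)
        gsub(/"/, "", s)
        return s
    }
    /^type=USER_LOGIN / {
        addr = field("addr")
        seen[addr] = 1
        if (field("res") == "success") { ok[addr]++; next }
        bad[addr]++
        acct = field("acct")   # audit hex-encodes names containing spaces
        if (!((addr, acct) in pair)) { pair[addr, acct] = 1; accts[addr]++ }
    }
    END {
        for (a in seen)
            if (bad[a] + 0 >= min + 0)
                printf "%s failed=%d accounts=%d ok=%d\n", a, bad[a], accts[a], ok[a]
    }' | sort
}

# Constructed sample records (documentation address ranges), not real logs.
sample_records() {
    cat <<'EOF'
type=USER_LOGIN msg=audit(1700000001.101:201): pid=4101 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000003.207:202): pid=4105 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000006.310:203): pid=4109 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000006.300:204): pid=4109 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000050.412:210): pid=4200 uid=0 auid=1000 ses=7 msg='op=login acct="alice" exe="/usr/sbin/sshd" hostname=? addr=198.51.100.7 terminal=/dev/pts/0 res=success'
type=USER_LOGIN msg=audit(1700000090.518:215): pid=4230 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="alice" exe="/usr/sbin/sshd" hostname=? addr=198.51.100.7 terminal=ssh res=failed'
EOF
}

# On a live system: sudo ausearch -m USER_LOGIN --raw | login_summary 3
sample_records | login_summary 3
```

The --raw option makes ausearch print records in the unformatted form the function parses; a high accounts value for one address means many different usernames were tried from it.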
- Use third-party tools
There are several third-party tools available for monitoring user logins on Linux. These tools provide a more user-friendly interface and additional features such as real-time notifications and alerts. Some popular third-party tools for monitoring user logins on Linux include:
- Logwatch: A log analysis tool that provides a summary of system events, including user logins.
- Auditd-tools: A set of command-line tools that provide additional functionality for the auditd tool.
- Syslog-ng: A log management tool that allows you to collect, process, and store system logs.
In conclusion, monitoring user logins is an important aspect of system administration on Linux. It allows you to identify potential security threats and ensure the integrity of your system. By using the built-in commands and tools available on Linux, as well as third-party tools, you can easily monitor user logins and keep your system secure.