感谢您的反馈!
免责声明: 本文档可能包含第三方产品信息,该信息仅供参考。阿里云对第三方产品的性能、可靠性以及操作可能带来的潜在影响,不做任何暗示或其他形式的承诺。
本文介绍在Linux系统的ECS实例获取用户登录记录的方法。
相关文件说明如下。
/var/run/utmp
、/var/log/wtmp
、/var/log/btmp
、/var/log/lastlog
等文件中。/var/run/utmp
文件查询当前登录用户的信息。/var/log/wtmp
文件查询当前与过去登录系统的用户的信息。/var/log/btmp
文件查询所有登录系统失败的用户的信息。/var/log/lastlog
文件查询用户最后一次登录的信息。
相关命令功能与返回结果如下所示。
# who root pts/0 2015-05-16 12:09 (XXX.XXX.XXX.XXX) root pts/1 2015-05-16 12:54 (XXX.XXX.XXX.XXX) root pts/2 2015-05-16 13:21 (XXX.XXX.XXX.XXX) root pts/3 2015-05-16 13:21 (XXX.XXX.XXX.XXX)
# w 15:41:39 up 5 days, 1:51, 7 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 XXX.XXX.XXX.XXX 12:09 2:14m 0.05s 0.05s mysql -ujacky -px xxxx root pts/1 XXX.XXX.XXX.XXX 12:54 34:49 0.35s 0.35s mysql -ujacky -px xxxx root pts/2 XXX.XXX.XXX.XXX 13:21 2:13m 0.00s 0.00s -bash
# users root root root root root root root
# last root pts/6 XXX.XXX.XXX.XXX Sat May 16 15:31 still logged in root pts/5 XXX.XXX.XXX.XXX Sat May 16 15:25 still logged in root pts/4 XXX.XXX.XXX.XXX Sat May 16 15:07 still logged in root pts/3 XXX.XXX.XXX.XXX Sat May 16 13:21 still logged in
# lastb root ssh:notty XXX.XXX.XXX.XXX Sat May 16 02:06 - 02:06 (00:00) root ssh:notty XXX.XXX.XXX.XXX Sat May 16 02:06 - 02:06 (00:00) root ssh:notty XXX.XXX.XXX.XXX Sat May 16 01:58 - 01:58 (00:00)
#lastlog Username Port From Latest root pts/6 XXX.XXX.XXX.XXX Sat May 16 15:31:48 +0800 2015 bin **Never logged in** daemon **Never logged in**
#cat /var/log/secureu Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21418]: Accepted password for root from XXX.XXX.XXX.XXX port 32907 ssh2 Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21418]: pam_unix(sshd:session): session opened for user root by (uid=0) Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21420]: Accepted password for root from XXX.XXX.XXX.XXX port 33969 ssh2 Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21420]: pam_unix(sshd:session): session opened for user root by (uid=0) Jun 9 08:42:10 iZ25bvxoe7qZ sshd[21420]: subsystem request for sftp by user root