Linux is an incredibly powerful platform that allows you to do just about anything you might want or need. As an admin, that’s a double-edged sword–especially given Linux is a multi-user environment. In other words, more than one user can be logged in at once.
That means admins might find themselves having to track down more information about those logins than they’re accustomed to. For example, what users are logged in, what groups do they belong to, and what have they been doing? Where do you get such information? Have there been failed login attempts?
SEE: Linux file and directory management commands (TechRepublic Premium)
Fortunately, there’s a built-in tool that makes gathering details about a user fairly simple. Log in to your Linux server or desktop and issue the command:
This tool will display information about known users on a system. When running the command without options, it’ll spit out more listings (for both regular and system users) than you need. So let’s make it a bit more helpful.
First, issue the command:
This will ignore system users and list UID, username, the number of processes associated with the user, the last login, and the GECOS entry in the password file.
To get even more information, run the command on a single user, as in:
By issuing the command against a single username, you’ll get extra details like groups, last terminal, and last logs for the user. This is quite helpful, as it gives you insight into what a particular user might have done on the system.
Finally, you can check for failed sudo logins with the command:
sudo lslogins -uf
If a user has attempted and failed a login, you’ll know about it.
If you’re a Linux systems admin, you need to get the lslogins command in your toolkit immediately. Find out more on how lslogins is used by issuing the command:
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays