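An introduction to Linux login security. Many system administrators overlook this area; if you are interested, have a look.
1. Querying login records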
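| Command | Description | File path |
| --- | --- | --- |
| last | View login, logout and reboot records | /var/log/wtmp |
| lastb | View failed login information | /var/log/btmp |
| lastlog | View the login records of all users | /var/log/lastlog |
| w | View who is logged in and what they are doing | /var/run/utmp |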
#last
User / tty / login IP / login date / duration
root pts/0 192.168.1.129 Thu Mar 17 14:12 still logged in
root pts/1 10.0.0.3 Wed Mar 9 23:14 - 00:34 (01:20)
apple pts/0 10.0.0.3 Wed Mar 9 23:07 - 00:34 (01:26)
root pts/0 10.0.0.3 Wed Mar 9 22:15 - 22:59 (00:43)
root pts/0 10.0.0.3 Tue Mar 8 21:11 - 00:31 (03:20)
fred pts/0 192.168.1.129 Tue Mar 8 16:56 - 18:01 (01:04)
root pts/0 192.168.1.129 Tue Mar 8 10:16 - 14:51 (04:34)
tony pts/0 192.168.1.30 Mon Mar 7 14:46 - 18:01 (03:14)
#lastb
User / SSH / login IP / login time / duration
root ssh:notty 192.168.1.129 Thu Mar 17 14:12 - 14:12 (00:00)
user ssh:notty 192.168.1.129 Tue Mar 8 10:16 - 10:16 (00:00)
user ssh:notty 192.168.1.129 Tue Mar 8 10:16 - 10:16 (00:00)
user ssh:notty 192.168.1.129 Tue Mar 8 10:16 - 10:16 (00:00)
root ssh:notty 192.168.1.30 Thu Mar 3 22:00 - 22:00 (00:00)
#lastlog
Username Port From Latest
root pts/1 192.168.1.129 Thu Mar 17 15:46:56 +0800 2016
bin **Never logged in**
daemon **Never logged in**
adm **Never logged in**
lp **Never logged in**
sync **Never logged in**
shutdown **Never logged in**
...rest omitted...
#w
16:10:48 up 23 days, 22:58, 2 users, load average: 0.16, 0.05, 0.06
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.1.129 14:12 0.00s 0.02s 0.00s w
root pts/1 192.168.1.129 15:46 10:24 0.00s 0.00s -bash
Note: to clear the data above
#cat /dev/null > /var/log/wtmp
#cat /dev/null > /var/log/btmp
#cat /dev/null > /var/log/lastlog
#cat /dev/null > /var/run/utmp
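To go a step further (a bit nasty), lock the files so they cannot be modified (in practice this is used to guard against a file being accidentally deleted or modified). Keep in mind that while the immutable flag is set nothing can write to these files, so new logins are no longer recorded in them.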
#chattr +i /var/log/wtmp
#chattr +i /var/log/btmp
#chattr +i /var/log/lastlog
#chattr +i /var/run/utmp
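As an added example (not part of the original post), the Python below reads btmp-format records directly, counts failed logins per source address, and reports which of the four log files are zero bytes long, which is the state the truncation commands above leave behind. It assumes the 384-byte glibc `struct utmp` layout used on x86-64 Linux; the function names and the sample records are constructed for illustration.

```python
import os
import struct
from collections import Counter

# Layout of glibc's struct utmp on Linux, 384 bytes per record:
# type, pid, line, id, user, host, exit status (2), session, tv_sec, tv_usec,
# addr_v6 (4), reserved. Assumed layout; verify on other architectures.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_records(data):
    """Yield (user, line, host, epoch_seconds) for every whole record."""
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield _text(f[4]), _text(f[2]), _text(f[5]), f[9]

def failed_by_host(btmp_bytes, threshold=3):
    """Return {source: failures} for sources with at least `threshold` failures."""
    counts = Counter(host for _, _, host, _ in parse_records(btmp_bytes) if host)
    return {h: n for h, n in counts.items() if n >= threshold}

def emptied_logs(paths):
    """Return paths that exist but are zero bytes long (truncated or never written)."""
    return [p for p in paths if os.path.isfile(p) and os.path.getsize(p) == 0]

def make_record(user, line, host, ts, ut_type=6):
    """Pack one constructed record for the demo; 6 is LOGIN_PROCESS in <utmp.h>."""
    return UTMP.pack(ut_type, 0, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0, b"")

# Constructed sample mirroring the lastb listing above (timestamps are made up).
SAMPLE_BTMP = b"".join(
    make_record(u, "ssh:notty", h, 1458195120 + i)
    for i, (u, h) in enumerate([
        ("root", "192.168.1.129"), ("user", "192.168.1.129"),
        ("user", "192.168.1.129"), ("user", "192.168.1.129"),
        ("root", "192.168.1.30"),
    ])
)

if __name__ == "__main__":
    print("sources over threshold:", failed_by_host(SAMPLE_BTMP))
    logs = ["/var/log/wtmp", "/var/log/btmp", "/var/log/lastlog", "/var/run/utmp"]
    print("zero-length log files:", emptied_logs(logs))
```

A zero-length btmp can simply mean no failed logins since the last rotation, so treat an empty file as a prompt to check further; `lsattr` on the same paths shows whether the `i` flag has been set.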