I'm looking for a log file or any service to report the latest login attempts that have failed due to username/password mismatch. Are there any such utilities available for CentOS? (built-in is preferred)
My second question, and more generally, I need a log file of penetration attempts to my server. Ideally, this log should contain all attempts including logins, httpd activities, and other conventional open ports.
Best Answer
In Linux, the
last
command shows successful login attempts and displays session information (pts, source, date and length).The
lastb
command records all bad login attempts. Both share the sameman
page, but the difference is thatlast
reads the binary/var/log/wtmp
file, andlastb
reads the/var/log/btmp
file by default.The range of these files depends on your log rotation schedule, but it should span a few weeks. Most distributions will rotate
/var/log/wtmp
monthly, so you can read a previous record, usually listed as/var/log/wtmp.1
by specifying the file with the-f
parameter...last -f /var/log/wtmp.1