To monitor user activity on Linux, we use the whoami, id, who, last, finger, w and uptime commands. Each of these user monitoring commands is explained below with examples.
Whoami Command
This command shows the user name of the account you are currently logged in as.
Sample command output:
[root@sys2 ~]# whoami
root
Drawback: It cannot show the details of other users.
id Command
The id command displays the user ID and the primary and secondary group IDs of the given user.
Syntax:
id user-name
Example-1:
[root@sys2 ~]# id john
uid=501(john) gid=502(dba) groups=502(dba),501(sales)
Note:
The id command can show a non-root user's account information even when it is run from another non-root user account.
Example-2:
If no user name is given after the id command, it displays the details of the currently logged-in user.
[root@sys2 ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
In the above example, because we are logged in as root, it shows root's id details.
last command
The Linux last command shows the history of server reboots along with the login details of different users.
Example-1:
[admin@linbox1 log]$ last
admin pts/0 :0 Sun Jul24 10:29 still logged in
admin :0 :0 Sun Jul24 10:29 still logged in
(unknown :0 :0 Sun Jul24 10:18 - 10:29 (00:11)
reboot system boot 3.10.0-327.el7.x Sun Jul24 10:18 - 17:47 (07:29)
admin pts/0 :0 Thu Jun 16 05:47 - 05:48 (00:01)
admin :0 :0 Thu Jun 16 05:47 - 05:48 (00:01)
(unknown :0 :0 Thu Jun 16 05:46 - 05:47 (00:00)
reboot system boot 3.10.0-327.el7.x Thu Jun 16 05:46 - 17:47 (38+12:00)
root pts/0 192.168.1.30 Thu Jun 2 12:17 - down (06:29)
(unknown :0 :0 Thu Jun 2 12:16 - 18:47 (06:30)
reboot system boot 3.10.0-327.el7.x Thu Jun 2 12:16 - 18:47 (06:30)
Example-2:
Using the last command, we can see the login and logout history of a particular user over the recorded period.
#last <username> Shows the login and logout history of that user.
[admin@linbox1 log]$ last admin
admin pts/0 :0 Sun Jul 24 10:29 still logged in
admin :0 :0 Sun Jul 24 10:29 still logged in
admin pts/0 :0 Thu Jun 16 05:47 - 05:48 (00:01)
admin :0 :0 Thu Jun 16 05:47 - 05:48 (00:01)
wtmp begins Thu Jun 2 10:33:13 2016
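As an added example (not part of the original article), the shell function below filters last-style output down to sessions that came from a remote IPv4 address, counts them per user and host, and marks root sessions for review. The names remote_logins and sample_last, the REVIEW/ok labels and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: summarise remote logins from `last`-style output.
# Reads `last` output on stdin and prints "user host count flag".

remote_logins() {
    awk '
        # Skip reboot pseudo-entries, the "wtmp begins" trailer and blank lines.
        $1 == "reboot" || $1 == "wtmp" || NF < 3 { next }
        # Field 3 is the origin: local X sessions show ":0" (or 0.0.0.0 with
        # last -i), remote sessions show the client address.
        $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $3 != "0.0.0.0" {
            count[$1 " " $3]++
        }
        END {
            for (k in count) {
                split(k, p, " ")
                # Assumption: remote root sessions are the ones worth a second look.
                flag = (p[1] == "root") ? "REVIEW" : "ok"
                printf "%s %s %d %s\n", p[1], p[2], count[k], flag
            }
        }
    ' | sort
}

# Constructed sample in the format shown above (not captured from a real host).
sample_last() {
    cat <<'EOF'
admin    pts/0        :0               Sun Jul 24 10:29   still logged in
admin    :0           :0               Sun Jul 24 10:29   still logged in
(unknown :0           :0               Sun Jul 24 10:18 - 10:29  (00:11)
reboot   system boot  3.10.0-327.el7.x Sun Jul 24 10:18 - 17:47  (07:29)
root     pts/0        192.168.1.30     Thu Jun  2 12:17 - down   (06:29)
root     pts/1        192.168.1.30     Thu Jun  2 13:02 - 13:40  (00:38)
john     pts/3        192.168.1.4      Tue Jan 26 18:25 - 18:31  (00:06)

wtmp begins Thu Jun  2 10:33:13 2016
EOF
}

# On a live system: last -i | remote_logins
sample_last | remote_logins
```

Only IPv4 origins are matched, so run it against last -i output, which prints addresses instead of host names.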
Finger Command
The finger command is used to display a user's login details.
#finger <username> To display the user login details.
[root@sys2 ~]# finger john
Login: john Name: systemadmin
Directory: /home/john Shell: /bin/bash
On since Tue Jan 26 18:25 (IST) on pts/3 from 192.168.1.4 11 seconds idle
Uptime Command
This command shows the following details:
The number of users presently logged in.
How many hours/days the system has been up.
The CPU load average.
Example:
[admin@linbox1 log]$ uptime
17:58:22 up 5:34, 2 users, load average: 0.00, 0.03, 0.05
Who Command
The who command lists:
The user names that are currently logged in.
The terminal from which each user has logged in.
The date and timestamp of each login.
The IP address details, if the login was from a remote machine.
Syntax example:
[root@linbox1 log]# who
admin :0 2016-07-24 10:29 (:0)
admin pts/0 2016-07-24 10:29 (:0)
admin pts/1 2016-07-24 18:01 (:0)
w command
The w command shows a combination of the uptime output and the who command information.
Check out the below example output,
[root@linbox1 log]# w
18:04:21 up 5:40, 3 users, load average: 0.02, 0.06, 0.05
USER TTY FROM LOGIN @ IDLE JCPU PCPU WHAT
admin :0 :0 10:29 ?xdm? 6:28 0.42s gdm-session-worker [pam/gdm-password]
admin pts/0 :0 10:29 5.00s 0.29s 10.50s /usr/libexec/gnome-terminal-server
admin pts/1 :0 18:01 2:53 0.07s 0.07s bash
[root@sys2 Packages]# users
root root root root
#lastlog Lists the most recent login of each user
#cat /var/log/secure Shows the users' login and logout details
If FILE is not specified, /var/run/utmp is used. /var/log/wtmp is a common choice for FILE.