Linux lastb Command with Practical Examples


Introduction

In this lab, we will explore the Linux lastb command, which is used to display information about failed login attempts on the system. The lastb command provides valuable insights into potential security threats and user activity, helping system administrators and security professionals monitor the system more effectively.

We will start by understanding the purpose of the lastb command, then dive into its syntax and available options. Finally, we will analyze the output of the lastb command to identify patterns of failed login attempts and take appropriate actions to secure the system.


Understand the Purpose of the lastb Command

In this step, we will explore the purpose of the lastb command in Linux. The lastb command is used to display information about failed login attempts on the system.

The lastb command provides valuable information that can help system administrators and security professionals identify potential security threats and monitor user activity on the system.

Let's start by running the lastb command:

sudo lastb

Example output:

labex   tty1                         Fri Apr 14 12:34:56 2023 - Fri Apr 14 12:35:01 2023 (00:00)
root    tty1                         Fri Apr 14 12:33:51 2023 - Fri Apr 14 12:34:01 2023 (00:00)
labex   tty1                         Fri Apr 14 12:32:46 2023 - Fri Apr 14 12:33:01 2023 (00:00)
root    tty1                         Fri Apr 14 12:31:41 2023 - Fri Apr 14 12:32:01 2023 (00:00)

The output shows the username, terminal, login time, and duration of failed login attempts. This information can be used to identify patterns of failed login attempts, which may indicate an attempted security breach or unauthorized access to the system.

Explore the Syntax and Options of the lastb Command

In this step, we will explore the syntax and available options of the lastb command.

The basic syntax of the lastb command is:

sudo lastb [options] [username]

Here are some common options for the lastb command:

  • -a: Display the hostname or IP address of the remote host in the last column.
  • -d: For remote logins, translate the stored IP address back into a hostname.
  • -f <file>: Read failed login records from <file> instead of the default /var/log/btmp.
  • -n <number>: Display only the last <number> failed login attempts.
  • -p <time>: Display the entries present at the specified time.
  • -R: Suppress the hostname field in the output.

Let's try some of these options:

## Display the last 5 failed login attempts, resolving remote IP addresses to hostnames
sudo lastb -d -n 5

## Display the failed login attempts with the hostname or IP address in the last column
sudo lastb -a

## Suppress the hostname field in the output
sudo lastb -R

Example output:

labex   tty1                         Fri Apr 14 12:34:56 2023 - Fri Apr 14 12:35:01 2023 (00:00)
root    tty1                         Fri Apr 14 12:33:51 2023 - Fri Apr 14 12:34:01 2023 (00:00)
labex   tty1                         Fri Apr 14 12:32:46 2023 - Fri Apr 14 12:33:01 2023 (00:00)
root    tty1                         Fri Apr 14 12:31:41 2023 - Fri Apr 14 12:32:01 2023 (00:00)
labex   tty1                         Fri Apr 14 12:30:36 2023 - Fri Apr 14 12:31:01 2023 (00:00)

The output shows the different information that can be obtained using the various options of the lastb command.

Analyze Failed Login Attempts Using the lastb Command

In this final step, we will learn how to analyze the information provided by the lastb command to identify potential security issues and monitor user activity on the system.

First, let's generate some additional failed login attempts to have more data to analyze:

## Simulate some failed login attempts
for i in {1..5}; do
  sudo su - -c "echo 'wrong password' | su - labex"
done

Now, let's use the lastb command to analyze the failed login attempts:

## Display the last 10 failed login attempts
sudo lastb -n 10

Example output:

labex   tty1                         Fri Apr 14 12:34:56 2023 - Fri Apr 14 12:35:01 2023 (00:00)
root    tty1                         Fri Apr 14 12:33:51 2023 - Fri Apr 14 12:34:01 2023 (00:00)
labex   tty1                         Fri Apr 14 12:32:46 2023 - Fri Apr 14 12:33:01 2023 (00:00)
root    tty1                         Fri Apr 14 12:31:41 2023 - Fri Apr 14 12:32:01 2023 (00:00)
labex   tty1                         Fri Apr 14 12:30:36 2023 - Fri Apr 14 12:31:01 2023 (00:00)
labex   tty1                         Fri Apr 14 12:29:31 2023 - Fri Apr 14 12:30:01 2023 (00:00)
root    tty1                         Fri Apr 14 12:28:26 2023 - Fri Apr 14 12:29:01 2023 (00:00)
labex   tty1                         Fri Apr 14 12:27:21 2023 - Fri Apr 14 12:28:01 2023 (00:00)
root    tty1                         Fri Apr 14 12:26:16 2023 - Fri Apr 14 12:27:01 2023 (00:00)
labex   tty1                         Fri Apr 14 12:25:11 2023 - Fri Apr 14 12:26:01 2023 (00:00)

From the output, we can see that there have been several failed login attempts for both the labex and root users. This could indicate an attempted security breach or unauthorized access to the system.

To further analyze the failed login attempts, we can use the lastb command with additional options:

## Display the failed login attempts with the hostname or IP address in the last column
sudo lastb -a

## Display the failed login attempts without the hostname field
sudo lastb -R

By analyzing the output of the lastb command, you can identify patterns of failed login attempts, such as the usernames, terminals, and time of the attempts. This information can help you take appropriate security measures to protect your system.
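
One way to turn that pattern-spotting into a repeatable check is to count failures per username and per source. The script below is an added example, not part of the original lab: the function names summarize_failures and sample_lastb are hypothetical, the input lines are constructed in the layout of `lastb -a` with documentation-range IP addresses, and the per-source count goes slightly beyond the per-user view shown above.

```shell
#!/usr/bin/env bash
# Added example: summarize `lastb -a` style output per user and per source.

# Constructed sample in `lastb -a` layout (documentation-range IPs, not real data).
sample_lastb() {
cat <<'EOF'
root     ssh:notty    Fri Apr 14 12:34 - 12:34  (00:00)     203.0.113.7
admin    ssh:notty    Fri Apr 14 12:34 - 12:34  (00:00)     203.0.113.7
root     ssh:notty    Fri Apr 14 12:33 - 12:33  (00:00)     203.0.113.7
labex    tty1         Fri Apr 14 12:32 - 12:32  (00:00)
root     ssh:notty    Fri Apr 14 12:31 - 12:31  (00:00)     198.51.100.20
root     ssh:notty    Fri Apr 14 12:30 - 12:30  (00:00)     203.0.113.7

btmp begins Fri Apr 14 12:25:11 2023
EOF
}

# summarize_failures THRESHOLD
# Reads lastb -a lines on stdin and prints "user <name> <count>" and
# "source <host> <count>" for every count >= THRESHOLD (default 3).
summarize_failures() {
  awk -v min="${1:-3}" '
    # Skip the blank separator line and the "btmp begins ..." footer.
    NF < 3 || ($1 == "btmp" && $2 == "begins") { next }
    {
      users[$1]++
      # With -a the host is the last column; local entries end in "(hh:mm)".
      src = ($NF ~ /^\(/) ? "local:" $2 : $NF
      sources[src]++
    }
    END {
      for (u in users)   if (users[u]   >= min) print "user",   u, users[u]
      for (s in sources) if (sources[s] >= min) print "source", s, sources[s]
    }' | sort
}

# Demo on the constructed sample; on a real host: sudo lastb -a | summarize_failures 3
sample_lastb | summarize_failures 3
```

A single source that exceeds the threshold across several usernames points to password guessing from one host, while one username failing from many sources points to a targeted account.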

Summary

In this lab, we explored the purpose and usage of the lastb command in Linux. The lastb command is used to display information about failed login attempts on the system, which can help system administrators and security professionals identify potential security threats and monitor user activity.

We learned how to run the lastb command to view the username, terminal, login time, and duration of failed login attempts. We also explored various options for the lastb command, such as displaying the hostname or IP address of the remote host, resolving remote IP addresses to hostnames, and limiting the output to the last number of failed login attempts. These features provide valuable information for analyzing and investigating security incidents on the system.
