lastb: View Failed Login Attempts

The lastb command displays a list of failed login attempts on the system. It typically reads the /var/log/btmp file, allowing you to see who failed to log in, when, and from which terminal, making it useful for security audits.

Overview

lastb analyzes and outputs the history of failed login attempts recorded in the system's `/var/log/btmp` file. This provides crucial information for detecting unauthorized access attempts or password guessing attacks.

Key Features

  • View records of failed login attempts
  • Used for security audits and system monitoring
  • Log file: /var/log/btmp (binary format)

Usage Examples

Here are various examples of how to use the lastb command.

Basic Usage

sudo lastb

Displays all failed login attempt records.

View Last 10 Failed Attempts

sudo lastb -n 10

Displays only the 10 most recent failed login attempts.

View Failed Attempts for a Specific User

sudo lastb root

Displays failed login attempts only for the specified user (e.g., 'root').

Output Without Hostname

sudo lastb -R

Displays failed records excluding the hostname field.

View Records After a Specific Time

sudo lastb -s 20230101000000

Displays failed records from after January 1, 2023, 00:00:00.

Tips & Notes

Useful tips and points to note when using lastb.

Key Information

  • Log File: lastb reads the /var/log/btmp file. This file is in binary format, making it difficult to view directly with a standard text editor.
  • Permissions: The /var/log/btmp file is typically readable only by the root user. Therefore, it's common to use sudo when running the lastb command.
  • Difference from last command: While the last command shows successful login records, lastb shows failed login attempts. Using both commands together provides a comprehensive view of system login activity.
  • Log Rotation: The /var/log/btmp file may be periodically compressed or deleted according to the system's log rotation policy. Therefore, older records may not be preserved.
  • Security Monitoring: The output of lastb is a crucial indicator for detecting unauthorized access attempts, password guessing attacks, or the use of incorrect usernames. Regularly checking it is recommended for monitoring system security.
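
The binary format and the monitoring use noted above can be combined by reading the btmp records directly and counting failures per source. The following is an added example, not part of the original page or of lastb itself. It assumes the 384-byte glibc `struct utmp` record layout on little-endian Linux; the function names, the threshold of 5, and the sample records are constructed for illustration.

```python
import struct
from collections import Counter

# Assumption: glibc "struct utmp" on little-endian Linux, 384 bytes per record.
# Fields: type, pid, line[32], id[4], user[32], host[256], exit status (2 shorts),
# session, tv_sec, tv_usec, addr_v6[4], then 20 reserved bytes.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20x")


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_btmp(data):
    """Yield (user, line, host, epoch_seconds) for each complete record."""
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    for rec in UTMP.iter_unpack(data[:usable]):
        yield _text(rec[4]), _text(rec[2]), _text(rec[5]), rec[9]


def noisy_sources(data, threshold=5):
    """Return {host: (failures, distinct_users)} for hosts at or over threshold."""
    fails, users = Counter(), {}
    for user, _line, host, _ts in parse_btmp(data):
        src = host or "(local)"  # console failures carry no remote host
        fails[src] += 1
        users.setdefault(src, set()).add(user)
    return {h: (n, len(users[h])) for h, n in fails.items() if n >= threshold}


def _sample_record(user, line, host, ts):
    """Pack one constructed record (type 6 is LOGIN_PROCESS in utmp.h)."""
    return UTMP.pack(6, 0, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, ts, 0, 0, 0, 0, 0)


# Constructed sample data: documentation-range IPs, made-up usernames.
SAMPLE = (
    b"".join(_sample_record(u, "ssh:notty", "203.0.113.7", 1700000000 + i)
             for i, u in enumerate(["root", "admin", "root", "test", "oracle", "root"]))
    + _sample_record("alice", "ssh:notty", "198.51.100.4", 1700000100)
    + _sample_record("bob", "tty1", "", 1700000200)
    + b"\x00" * 10  # simulated partially written record at end of file
)

if __name__ == "__main__":
    # On a live host (root required): data = open("/var/log/btmp", "rb").read()
    for host, (n, u) in noisy_sources(SAMPLE).items():
        print(f"{host}: {n} failures across {u} usernames")
```

Many failures from one source spread across several usernames is the pattern to look for when checking for password guessing; rotated copies of btmp need to be read separately.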

