Use the linux last command: The last Command lists the content of the wtmp file in the/var/log directory, which stores binary content, it cannot be opened directly using text boundary software such as vi. in this way, even the root user cannot modify the file content at will. the list includes the user name, terminal number, IP address, and logon time. the most important thing is the logon time and IP address.
Use the linux last command:
The last Command lists the content of the wtmp file in the/var/log Directory. this file stores binary content and cannot be opened directly using text boundary software such as vi. in this way, even the root user cannot modify the file content at will. the list includes the user name, terminal number, IP address, and logon time. the most important thing is the logon time and IP address, if you see an illegal IP address in this command or a login behavior at a time you have not performed, you are probably already logged on !!!
Last directly lists all the content of the file. you can use last | more or less to split the screen.
Last-d displays the IP address as the host name.
Last + user name to list all login behaviors of this user
Lastb lists the content of the btmp file in the/var/log directory.
The lastb command lists all user information that failed to log on. This file can be used to determine if someone is scanning your system !!