Switch from lastlogin to lslogins
Debian 13 dropped lastlogin, replaced with lastlogin2 which is an extra install. Switch to lslogins, which also makes parsing much easier
@@ -266,7 +266,7 @@ If not set it defaults to allow, if a user_list.txt file with this user exist it
|
||||
|
||||
There are two scripts that can be user to check if and when the user has logged in the last time.
|
||||
|
||||
Because of users who do not open shells (for example sftp users) we cannot rely on lastlog, so a script called `collect_login_data.sh` exists that parses the systemd logind info or /var/log/secure for user authentication data.
|
||||
Because of users who do not open shells (for example sftp users) we cannot rely on lslogins, so a script called `collect_login_data.sh` exists that parses the systemd logind info or /var/log/secure for user authentication data.
|
||||
|
||||
Data is stored in `auth-log/user_auth.log` folder as `user;last login date`
|
||||
|
||||
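Review bot: The rewritten sentence still names only /var/log/secure as the fallback source for `collect_login_data.sh`, which is the RHEL-family path; since this change is motivated by Debian 13, the README should say which source is read there (Debian's rsyslog writes authentication data to /var/log/auth.log), otherwise a reader cannot tell whether `auth-log/user_auth.log` is populated on that platform. The unchanged line above also has "can be user to check", which should read "can be used to check" and could be fixed in the same commit.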
@@ -278,7 +278,7 @@ This script should be run every day via crontab as root:
|
||||
|
||||
The script `check_last_login.sh` will go through the ssh allow groups (sshallow/sshforward) users and flag out those that have not logged in, in the last 60 days and recommend to lock them. The script will also check for user accounts that never logged in and where created in the last 30 days and recomment to lock them too.
|
||||
|
||||
This script will first check the `auth-log/user_auth.log` file, then lastlog output and finally check for creation time in passwd file or home director for when the user was created.
|
||||
This script will first check the `auth-log/user_auth.log` file, then lslogins output and finally check for creation time in passwd file or home director for when the user was created.
|
||||
|
||||
Currently only information is printed out and no action is done itself.
|
||||
|
||||
|
||||
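Review bot: The changed line documents the lookup order as `auth-log/user_auth.log`, then lslogins output, then creation time, but does not say how a user with no record in the first two sources is treated. The earlier paragraph states that lslogins cannot be relied on for sftp users, so it is worth stating here that such accounts depend entirely on `collect_login_data.sh` having run, or they will be reported as never logged in and recommended for locking. The same line keeps the typo "home director" (should be "home directory"), and the context line above has "recomment" and "where created" ("recommend", "were created").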