lastb – List Information about Users who Failed to Log in to the System

The lastb command is used to list information about users who failed to log in to the system. It reads the /var/log/btmp file, which contains a log of all failed login attempts. This command is useful for system administrators who need to monitor failed login attempts and investigate potential security breaches.

Overview

The lastb command is simple to use and does not require any special privileges. To use it, simply open a terminal window and type lastb followed by any options you want to use.

Here is an example of how to use the lastb command:

lastb -w

This command will display a list of failed login attempts, including the username, source IP address, and date and time of the attempt. The -w option is used to display the results in wide format, which makes it easier to read.

Another useful option is -n, which can be used to limit the number of results displayed. For example, if you only want to see the 10 most recent failed login attempts, you can use the following command:

lastb -n 10

Options

The following table lists all available options for the lastb command:

Troubleshooting Tips

If you are having trouble using the lastb command, here are some troubleshooting tips:

• Make sure you are running the command as a user with read access to the /var/log/btmp file.
• If you are not seeing any results, try using the -f option to specify a different log file.
• If you are seeing unexpected results, make sure you are using the correct options and syntax.

Notes

• The /var/log/btmp file is owned by the root user and can only be read by users with appropriate permissions.
• The lastb command does not display information about successful login attempts. For that, you can use the last command.
• The lastb command is not available on all Linux distributions. If it is not installed on your system, you may need to install it using your package manager.