Skip to content

Calculate last failed login user with source ip in Linux

homepage-banner

Introduction

Security is a major concern when it comes to computer systems. As a Linux user, you might want to know which user accounts have failed login attempts and where the attempts originate, in order to identify potential security threats. In this blog post, we will discuss how to calculate the last failed login user with source IP in Linux.

As a system administrator, it is important to monitor and track failed login attempts on your Linux system. This can help you identify potential security threats and take corrective actions before any damage is done. In this blog post, we will discuss how to calculate the last failed login user with the source IP in Linux.

Last Failed Login User

To find the last failed login user, you can use the lastb command in Linux. The lastb command shows all failed login attempts, along with the time and source IP address. The following command will display the last failed login user:

sudo lastb -i | head -1

This command will show the most recent failed login attempt, along with the source IP address and username.

Source IP Address

To find the source IP address of failed login attempts, you can use the lastb command with the -i option. This option displays the IP address of the system from which the login attempt was made. The following command will show the source IP address of the most recent failed login attempt:

sudo lastb -i | awk '{print $3}' | head -1

This command will display the source IP address of the most recent failed login attempt.

Combining Both

To combine both commands to display the last failed login user with source IP address, you can use the following command:

sudo lastb -i | head -1 | awk '{print "User:", $1, "Source IP:", $3}'

This command will display the last failed login user with source IP address.

Reference command

sudo lastb |grep ssh \
  |awk '{ count[$3]++} END{ for(ip in count) print ip, ": " count[ip]}' \
  |sort -nrk 3

Conclusion

In conclusion, knowing the last failed login user and source IP address in Linux can help identify potential security threats. By using the lastb command with the appropriate options, you can easily calculate this information. It is always important to keep your system secure and up-to-date with the latest security patches.

Leave a message