7 ways to help you check the registration date of Linux users

Did you know, how to check the creation date of an account on Linux? If you know, what can you do?

Did you succeed? If yes, how to do it?

Basically Linux systems don't track this information, so what are the alternative ways to get this information?

You may ask why am I checking this?

Yes, in some cases you may need to review this information and it will be helpful to you at that time.

You can use the following 7 methods to verify.

• Use /var/log/secure
• Use aureport tool
• Use .bash_logout
• Use chage command
• Use useradd command
• Use passwd command
• Use last command

Method 1: Use /var/log/secure

It stores all security related messages including authentication failures and authorized privileges. It also tracks sudo logins, SSH logins, and other error logging through the system security daemon.

# grep prakash /var/log/secure
Apr 12 04:07:18 centos.2daygeek.com useradd[21263]: new group: name=prakash, GID=501
Apr 12 04:07:18 centos.2daygeek.com useradd[21263]: new user: name=prakash, UID=501, GID=501, home=/home/prakash, shell=/bin/bash
Apr 12 04:07:34 centos.2daygeek.com passwd: pam_unix(passwd:chauthtok): password changed for prakash
Apr 12 04:08:32 centos.2daygeek.com sshd[21269]: Accepted password for prakash from 103.5.134.167 port 60554 ssh2
Apr 12 04:08:32 centos.2daygeek.com sshd[21269]: pam_unix(sshd:session): session opened for user prakash by (uid=0)

Method 2: Use aureport tool

aureport tool can generate summary and columnar reports based on event records recorded in audit logs. By default, it queries all audit.log files in the /var/log/audit/ directory to create reports.

# aureport --auth | grep prakash
46. 04/12/2018 04:08:32 prakash 103.5.134.167 ssh /usr/sbin/sshd yes 288
47. 04/12/2018 04:08:32 prakash 103.5.134.167 ssh /usr/sbin/sshd yes 291

Method 3: Use .bash_logout

.bash_logout in the home directory has a special meaning for bash. It provides a way to execute commands when the user exits the system.

We can view the change date of .bash_logout in the user's home directory. This file is created when the user logs out for the first time.

# stat /home/prakash/.bash_logout
 File: `/home/prakash/.bash_logout'
 Size: 18 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 256153 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 501/ prakash) Gid: ( 501/ prakash)
Access: 2017-03-22 20:15:00.000000000 -0400
Modify: 2017-03-22 20:15:00.000000000 -0400
Change: 2018-04-12 04:07:18.283000323 -0400

Method 4: Use chage command

chage means “change age”. This command lets users manage password expiration information. The chage command can modify the number of days after the last password change date that the password needs to be changed.

The system uses this information to determine when a user must change their password. This is useful if the user has not changed their password since the account creation date.

# chage --list prakash
Last password change : Apr 12, 2018
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

Method 5: Use useradd command

useradd command is used to create a new account in Linux. By default it does not add user creation date, we have to add date using "Notes" option.

# useradd -m prakash -c `date +%Y/%m/%d`
# grep prakash /etc/passwd
prakash:x:501:501:2018/04/12:/home/prakash:/bin/bash

Method 6: Use passwd command

passwd command is used to assign passwords to local accounts or users. If the user did not change their password after the account was created, you can use the passwd command to view the date of the last password change.

# passwd -S prakash
prakash PS 2018-04-11 0 99999 7 -1 (Password set, MD5 crypt.)

Method 7: Use last command

The

last command reads /var/log/wtmp and displays a list of all logged in (and logged out) users since the file was created.

# last | grep "prakash"
prakash pts/2 103.5.134.167 Thu Apr 12 04:08 still logged in

The above is the detailed content of 7 ways to help you check the registration date of Linux users. For more information, please follow other related articles on the PHP Chinese website!