Did you know, how to check the creation date of an account on Linux? If you know, what can you do?
Did you succeed? If yes, how to do it?
Basically Linux systems don't track this information, so what are the alternative ways to get this information?
You may ask why am I checking this?
Yes, in some cases you may need to review this information and it will be helpful to you at that time.
You can use the following 7 methods to verify.
It stores all security related messages including authentication failures and authorized privileges. It also tracks sudo logins, SSH logins, and other error logging through the system security daemon.
# grep prakash /var/log/secure Apr 12 04:07:18 centos.2daygeek.com useradd[21263]: new group: name=prakash, GID=501 Apr 12 04:07:18 centos.2daygeek.com useradd[21263]: new user: name=prakash, UID=501, GID=501, home=/home/prakash, shell=/bin/bash Apr 12 04:07:34 centos.2daygeek.com passwd: pam_unix(passwd:chauthtok): password changed for prakash Apr 12 04:08:32 centos.2daygeek.com sshd[21269]: Accepted password for prakash from 103.5.134.167 port 60554 ssh2 Apr 12 04:08:32 centos.2daygeek.com sshd[21269]: pam_unix(sshd:session): session opened for user prakash by (uid=0)
aureport tool can generate summary and columnar reports based on event records recorded in audit logs. By default, it queries all audit.log files in the /var/log/audit/ directory to create reports.
# aureport --auth | grep prakash 46. 04/12/2018 04:08:32 prakash 103.5.134.167 ssh /usr/sbin/sshd yes 288 47. 04/12/2018 04:08:32 prakash 103.5.134.167 ssh /usr/sbin/sshd yes 291
.bash_logout in the home directory has a special meaning for bash. It provides a way to execute commands when the user exits the system.
We can view the change date of .bash_logout in the user's home directory. This file is created when the user logs out for the first time.
# stat /home/prakash/.bash_logout File: `/home/prakash/.bash_logout' Size: 18 Blocks: 8 IO Block: 4096 regular file Device: 801h/2049d Inode: 256153 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 501/ prakash) Gid: ( 501/ prakash) Access: 2017-03-22 20:15:00.000000000 -0400 Modify: 2017-03-22 20:15:00.000000000 -0400 Change: 2018-04-12 04:07:18.283000323 -0400
chage means “change age”. This command lets users manage password expiration information. The chage command can modify the number of days after the last password change date that the password needs to be changed.
The system uses this information to determine when a user must change their password. This is useful if the user has not changed their password since the account creation date.
# chage --list prakash Last password change : Apr 12, 2018 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
useradd command is used to create a new account in Linux. By default it does not add user creation date, we have to add date using "Notes" option.
# useradd -m prakash -c `date +%Y/%m/%d` # grep prakash /etc/passwd prakash:x:501:501:2018/04/12:/home/prakash:/bin/bash
passwd command is used to assign passwords to local accounts or users. If the user did not change their password after the account was created, you can use the passwd command to view the date of the last password change.
# passwd -S prakash prakash PS 2018-04-11 0 99999 7 -1 (Password set, MD5 crypt.)
last command reads /var/log/wtmp and displays a list of all logged in (and logged out) users since the file was created.
# last | grep "prakash" prakash pts/2 103.5.134.167 Thu Apr 12 04:08 still logged in
The above is the detailed content of 7 ways to help you check the registration date of Linux users. For more information, please follow other related articles on the PHP Chinese website!