Securing the list of last logged in users

The command ‘last‘ lists the times and dates of successful logins. The command ‘lastb‘ lists unsuccessful attempts. I found that both unnecessarily had public read access on most of my Ubuntu servers.

Two log files provide the data used by last and lastb. Both can be secured by changing the permission to 660.

sudo ls -l /var/log/?tmp
sudo chmod 660 /var/log/?tmp
sudo ls -l /var/log/?tmp

Afterwards, to list successful logins, use:-

sudo last

To list unsuccessful logins, use:-

sudo lastb

Leave a Response