
April 16, 2024

Identifying Who’s Accessing Your Linux Servers


If you want to find out who has been logging in to your Linux server and how often, the commands in this post will help. Linux login records are stored in a log file that can be analyzed with a few simple commands that summarize the data in different ways.

First, note that you don't need root access to extract this data. The information is held in the wtmp file, which everyone can read. The permissions on the file show that everyone is granted read access, while write privileges are limited to root and other privileged group members.

To view the contents of the file, use the who command (for example, who /var/log/wtmp). On a heavily used server this produces hundreds of lines of output. Passing the output of who to the head command limits it to the first lines.

The number of entries can be counted by piping the output of the who command to wc -l (for example, who /var/log/wtmp | wc -l). Alternatively, for an overview of login frequency, a count of logins per user is more informative.

That count works by reducing each line of the file to its first field (the username), sorting the result, and then counting the occurrences of each user. It is convenient to set up an alias that reports these counts.

Although this count doesn't show how long each user was logged in, it gives an overview of how much the system is used by the users.
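The per-user login count described above, as an added example (not the article's original commands): it also reports how many distinct remote hosts each user connected from and how many logins were local. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-user login summary from who-format records.
# login_summary and sample_records are hypothetical helper names.

# Constructed sample records in the layout printed by "who /var/log/wtmp"
# (documentation-range addresses, not real data).
sample_records() {
    cat <<'EOF'
alice    pts/0        2024-04-10 09:12 (192.0.2.10)
alice    pts/1        2024-04-11 08:47 (192.0.2.10)
alice    pts/0        2024-04-12 22:03 (198.51.100.7)
bob      tty1         2024-04-11 10:30
bob      pts/2        2024-04-12 14:05 (192.0.2.44)
root     pts/3        2024-04-13 03:15 (203.0.113.9)
EOF
}

# Reads who-format lines on stdin; prints one line per user, busiest first:
#   <logins> <user> remote_hosts=<distinct sources> console=<local logins>
login_summary() {
    awk '
    NF >= 2 {
        user = $1
        logins[user]++
        host = ""
        # A trailing "(host)" field marks a remote session.
        if ($NF ~ /^\(.*\)$/)
            host = substr($NF, 2, length($NF) - 2)
        # No host, or an X display such as ":0", is a local login.
        if (host == "" || host ~ /^:/) {
            console[user]++
        } else if (!((user, host) in seen)) {
            seen[user, host] = 1
            hosts[user]++
        }
    }
    END {
        for (u in logins)
            printf "%d %s remote_hosts=%d console=%d\n",
                   logins[u], u, hosts[u], console[u]
    }' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; for real data use:
#   who /var/log/wtmp | login_summary
sample_records | login_summary
```

An account that suddenly shows logins from more remote hosts than usual, or remote root sessions, is worth a closer look in the full who output.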

To see how long currently logged-in users have been logged in, the last command can come in handy.

The w command shows when the current users logged in and how long they have been idle.

The load averages shown in the header line of the w output indicate how much work your system is doing. Ideally, these figures should always stay below the number of CPUs in your system. Figures above that indicate a problem or an overloaded system.

The ac -p command reports how long users have been logged in, expressed in hours.

For those managing Linux servers, it helps to understand how heavily they are used and to identify the users putting the most strain on the system. Your busiest servers may call for closer monitoring and communication with your user base.
