lastb: command not found

lastb is a command-line tool that lists failed login attempts. It is a part of the syslog package and it reads the binary file that records those attempts, usually located at /var/log/btmp.

The lastb command provides a list of all the failed login attempts on the system, including the date and time of the attempt, the username used, and the IP address or hostname of the remote system that attempted to log in. The output can be useful for security purposes, as it can help identify potential intrusion attempts or malicious activity.

By default, the lastb command will show the most recent failed login attempts. You can also specify a time range or a specific username to filter the output. By using the -f option, you can specify a different location of the btmp file. It’s worth noting that the btmp file only keeps track of failed login attempts. Successful login attempts are recorded in the /var/log/wtmp file, and can be displayed with the last command.
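The binary btmp records described above can also be read directly. This is useful when reviewing a copy of the file on a machine without lastb. The following is an added example, not code from the original page or from the lastb project. It assumes the 384-byte glibc "struct utmp" record layout used on Linux. The function names, the threshold and the sample records are constructed for illustration.

```python
import struct
from collections import Counter

# Assumption: glibc "struct utmp" on-disk layout for Linux, 384 bytes/record.
# Fields: type, pid, line, id, user, host, exit(2), session, sec, usec, addr, unused
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20s")

def text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_btmp(data):
    """Yield (epoch_seconds, user, line, host) for each complete record."""
    usable = len(data) - len(data) % UTMP.size  # skip a truncated final record
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield f[9], text(f[4]), text(f[2]), text(f[5])

def failures_by_host(data, threshold=3):
    """Return {host: count} for sources with at least `threshold` failures."""
    counts = Counter(host or "(local)" for _, _, _, host in parse_btmp(data))
    return {h: n for h, n in counts.items() if n >= threshold}

def make_record(ts, user, line, host):
    """Pack one constructed record (type 6 = LOGIN_PROCESS) for the sample."""
    return UTMP.pack(6, 0, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, ts, 0, b"", b"")

# Constructed sample data using documentation-range addresses, not a real log.
SAMPLE = b"".join(make_record(*r) for r in [
    (1700000000, "root",  "ssh:notty", "203.0.113.7"),
    (1700000004, "admin", "ssh:notty", "203.0.113.7"),
    (1700000009, "root",  "ssh:notty", "203.0.113.7"),
    (1700000300, "alice", "ssh:notty", "198.51.100.20"),
    (1700000900, "bob",   "tty1",      ""),
])

if __name__ == "__main__":
    # To read a real file instead: open("/var/log/btmp", "rb").read() as root.
    for ts, user, line, host in parse_btmp(SAMPLE):
        print(ts, user, line, host or "(local)")
    print(failures_by_host(SAMPLE))
```

Repeated failures from one source in a short window, as with the first three sample records, are the pattern worth alerting on or feeding to a rate-limiting tool.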

If you encounter the following error when running lastb:

lastb: command not found

install the package listed for your distribution:

Distribution    Command
Debian          apt-get install util-linux
Ubuntu          apt-get install util-linux
Alpine          apk add util-linux
Arch Linux      pacman -S util-linux
Kali Linux      apt-get install util-linux
CentOS          yum install sysvinit-tools
Fedora          dnf install util-linux
OS X            brew install util-linux
Raspbian        apt-get install util-linux

lastb Command Examples

1. Show a list of all failed login attempts:

# sudo lastb

2. Show a list of all failed login attempts since a given time:

# sudo lastb --since YYYY-MM-DD

3. Show a list of all failed login attempts until a given time:

# sudo lastb --until YYYY-MM-DD

4. Show a list of all logged in users at a specific time:

# sudo lastb --present hh:mm

5. Show a list of all failed login attempts and translate the IP into a hostname:

# sudo lastb --dns

Summary

In summary, lastb is a useful command-line tool for security administrators and system administrators who need to monitor failed login attempts on a Linux system. It can help identify potential security breaches and take appropriate action.
