Solved: lastb command not working or utmp file not updating.
Today we will look at the solution of two issues w.r.t lastb command.
lastb command by default shows details of all the bad login attempts.
Issue 1: last command display error message
[root@nglinux ~]# lastb lastb: /var/log/btmp: No such file or directory Perhaps this file was removed by the operator to prevent logging lastb info.
Solution
The solution to above error message is to create /var/log/btmp file.
[root@nglinux ~]# touch /var/log/btmp
[root@nglinux ~]#
Note:- Above solution will not work unless you
change the file permission to 600, see solution 2 below.
Issue 2: lastb file not showing any output i.e. not updating failed login data.
Try to login with some user from another terminal and check if file is updated and we see it remains with zero size.
[root@nglinux ~]# lastb btmp begins Sun Jun 2 07:17:25 2019 [root@nglinux ~]# ls -l /var/log/btmp -rw-r--r--. 1 root root 0 Jun 2 07:17 /var/log/btmp
Solution
The file is not updating since its permission is not 600.
We need to remove read permission for other users to enable its working.
[root@nglinux ~]# ls -l /var/log/btmp -rw-r--r--. 1 root root 0 Jun 2 07:17 /var/log/btmp ### Lets change its permissions [root@nglinux ~]# chmod 600 /var/log/btmp [root@nglinux ~]# [root@nglinux ~]# ls -l /var/log/btmp -rw-------. 1 root root 768 Jun 2 07:27 /var/log/btmp
Testing
[root@nglinux ~]# lastb btmp begins Sun Jun 2 07:27:07 2019 ### Now do some failed login attempts ### And see the file is updated. [root@nglinux ~]# lastb build ssh:notty 172.21.49.169 Sun Jun 2 07:27 - 07:27 (00:00) build ssh:notty 172.21.49.169 Sun Jun 2 07:27 - 07:27 (00:00) btmp begins Sun Jun 2 07:27:17 2019 [root@nglinux ~]#