Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…
34
50
2
95
Trivia Answer #26 - I should have been more specific here. I was looking for logs that track successful user logins over time and I was thinking of Syslog's LOG_AUTHPRIV stream (usually /var/log/auth.log or .../secure), the wtmp file, and the audit.log.
Oct 2, 2022 · 11:41 AM UTC
2
1
However, @ldsopreload mentioned several other places where login information is tracked, including the btmp (failed logins), and lastlog (detail on most recent login for each user) logs.