How do I see if and when someone logged in my accountHow to select which account is logged in at system...
Is Electric Central Heating worth it if using Solar Panels?
Can a barbarian keep raging if she shoves an enemy on her turn?
Injection into a proper class and choice without regularity
What is purpose of DB Browser(dbbrowser.aspx) under admin tool?
Partitioning values in a sequence
Unknown code in script
Can I criticise the more senior developers around me for not writing clean code?
How much cash can I safely carry into the USA and avoid civil forfeiture?
Can a level 2 Warlock take one level in rogue, then continue advancing as a warlock?
Don’t seats that recline flat defeat the purpose of having seatbelts?
What is the most expensive material in the world that could be used to create Pun-Pun's lute?
Do I need to watch Ant-Man and the Wasp and Captain Marvel before watching Avengers: Endgame?
Where was the County of Thurn und Taxis located?
What is /etc/mtab in Linux?
Cayley's Matrix Notation
Can a stored procedure reference the database in which it is stored?
Island of Knights, Knaves and Spies
As an international instructor, should I openly talk about my accent?
What does "function" actually mean in music?
std::unique_ptr of base class holding reference of derived class does not show warning in gcc compiler while naked pointer shows it. Why?
Critique of timeline aesthetic
Co-worker works way more than he should
Why must Chinese maps be obfuscated?
Are there moral objections to a life motivated purely by money? How to sway a person from this lifestyle?
How do I see if and when someone logged in my account
How to select which account is logged in at system startup, or none?When Ubuntu asks for an admin user's password, how does it decide which administrative user to ask for?How do I show recently logged in users in GDM?Creating user account & pasting files in Desktop remotely?Can't do sudo commands on a user account that has no passwordFiles which tell that someone has accessed your computerCan i prevent my system reading any USB files?can someone remotely access your ubuntu user account on your computer if they steal your ubuntu username and passwordOnly Guest Account on new Ubuntu laptop!How can I see the email address and other details entered when users are created?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
So, I need to know when my account in ubuntu is accessed. Is there any command that will show me the Exact Time when that happened.
I need this because I suspect someone is remotely controlling my computer, and changing things.
security users
asked 16 hours ago
Axolotl101Axolotl101
161
New contributor
Axolotl101 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
So, I need to know when my account in ubuntu is accessed. Is there any command that will show me the Exact Time when that happened.
I need this because I suspect someone is remotely controlling my computer, and changing things.
security users
asked 16 hours ago
Axolotl101Axolotl101
161
New contributor
Axolotl101 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Excellent question to find out when a user logged in and for how long. Managers can use this to track employee activity. Time Share providers (called Cloud these days) can use it for client billing backup purposes I guess. I'm surprised it's not a duplicate question.
– WinEunuuchs2Unix
5 hours ago
add a comment |
So, I need to know when my account in ubuntu is accessed. Is there any command that will show me the Exact Time when that happened.
I need this because I suspect someone is remotely controlling my computer, and changing things.
security users
asked 16 hours ago
Axolotl101Axolotl101
161
New contributor
Axolotl101 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
So, I need to know when my account in ubuntu is accessed. Is there any command that will show me the Exact Time when that happened.
I need this because I suspect someone is remotely controlling my computer, and changing things.
security users
security users
asked 16 hours ago
Axolotl101Axolotl101
161
New contributor
Axolotl101 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 16 hours ago
Axolotl101Axolotl101
161
New contributor
Axolotl101 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 16 hours ago
Axolotl101Axolotl101
161
New contributor
Axolotl101 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 16 hours ago
Axolotl101Axolotl101
161
asked 16 hours ago
Axolotl101Axolotl101
161
161
New contributor
Axolotl101 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Axolotl101 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Axolotl101 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Excellent question to find out when a user logged in and for how long. Managers can use this to track employee activity. Time Share providers (called Cloud these days) can use it for client billing backup purposes I guess. I'm surprised it's not a duplicate question.
– WinEunuuchs2Unix
5 hours ago
add a comment |
Excellent question to find out when a user logged in and for how long. Managers can use this to track employee activity. Time Share providers (called Cloud these days) can use it for client billing backup purposes I guess. I'm surprised it's not a duplicate question.
– WinEunuuchs2Unix
5 hours ago
Excellent question to find out when a user logged in and for how long. Managers can use this to track employee activity. Time Share providers (called Cloud these days) can use it for client billing backup purposes I guess. I'm surprised it's not a duplicate question.
– WinEunuuchs2Unix
5 hours ago
Excellent question to find out when a user logged in and for how long. Managers can use this to track employee activity. Time Share providers (called Cloud these days) can use it for client billing backup purposes I guess. I'm surprised it's not a duplicate question.
– WinEunuuchs2Unix
5 hours ago
add a comment |
2 Answers
2
active
oldest
votes
last command to the rescue
The last command shows by a given user name or all user names:
$ last rick
rick tty7 :0 Wed Apr 24 16:25 gone - no logout
rick tty8 :1 Wed Apr 24 16:24 - down (00:00)
rick tty7 :0 Tue Apr 23 20:12 - down (20:06)
rick tty7 :0 Tue Apr 23 18:30 - crash (01:42)
(...SNIP...)
rick tty7 :0 Tue Apr 2 16:52 - down (00:31)
rick tty7 :0 Tue Apr 2 03:14 - crash (13:37)
By default it only shows history for the current month. If you need to go further back in history than one month, you can read the /var/log/wtmp.1 file with the last command.
last -f wtmp.1 rick will show the previous month's history of logins for user rick:
$ last -f /var/log/wtmp.1 rick
rick tty7 :0 Sun Mar 31 16:53 gone - no logout
rick tty7 :0 Sat Mar 30 19:18 - down (13:20)
(...SNIP...)
rick tty7 :0 Fri Mar 1 20:55 - down (11:55)
wtmp.1 begins Fri Mar 1 18:23:28 2019
Security is hardened such that normal users can't write or delete the file:
$ ll /var/log/wtmp.1
-rw-rw-r-- 1 root utmp 107520 Mar 31 16:53 /var/log/wtmp.1
Console only logins
The console uses the login command which records data to /var/log/lastlog:
$ ll /var/log/lastlog
-rw-rw-r-- 1 root utmp 292292 Apr 24 16:22 /var/log/lastlog
The lastlog file though cannot be tampered with so easily when you look at the File Owner and File Group above. "Normal" users just have read access. It's a binary file though so you can't just cat it and get meaningful information. Use this command instead:
$ lastlog
Username Port From Latest
root **Never logged in**
daemon **Never logged in**
bin **Never logged in**
sys **Never logged in**
(...SNIP...)
usbmux **Never logged in**
rick tty1 Wed Nov 28 04:19:53 -0700 2018
vnstat **Never logged in**
It's interesting to see all the different user IDs that could log in but never have and never should. I was surprised I haven't logged into the console / terminal since November last year.
answered 7 hours ago
WinEunuuchs2UnixWinEunuuchs2Unix
48.6k1198187
add a comment |
This would be shown in /var/log/auth.log if the 'person' controlling your system remotely is not smart enough to clean up the logs. You might be able to see login data by using:
sudo cat /var/log/auth.log | grep USERNAME
(where USERNAME is your user).
Beyond this, however, if there's nothing in this log, and you really do think you're being remote-controlled, I'd suggest clean-installing your system and starting from scratch with different passwords and better hardening your system.
answered 16 hours ago
Thomas Ward♦Thomas Ward
45.5k23125178
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Axolotl101 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1138091%2fhow-do-i-see-if-and-when-someone-logged-in-my-account%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
last command to the rescue
The last command shows by a given user name or all user names:
$ last rick
rick tty7 :0 Wed Apr 24 16:25 gone - no logout
rick tty8 :1 Wed Apr 24 16:24 - down (00:00)
rick tty7 :0 Tue Apr 23 20:12 - down (20:06)
rick tty7 :0 Tue Apr 23 18:30 - crash (01:42)
(...SNIP...)
rick tty7 :0 Tue Apr 2 16:52 - down (00:31)
rick tty7 :0 Tue Apr 2 03:14 - crash (13:37)
By default it only shows history for the current month. If you need to go further back in history than one month, you can read the /var/log/wtmp.1 file with the last command.
last -f wtmp.1 rick will show the previous month's history of logins for user rick:
$ last -f /var/log/wtmp.1 rick
rick tty7 :0 Sun Mar 31 16:53 gone - no logout
rick tty7 :0 Sat Mar 30 19:18 - down (13:20)
(...SNIP...)
rick tty7 :0 Fri Mar 1 20:55 - down (11:55)
wtmp.1 begins Fri Mar 1 18:23:28 2019
Security is hardened such that normal users can't write or delete the file:
$ ll /var/log/wtmp.1
-rw-rw-r-- 1 root utmp 107520 Mar 31 16:53 /var/log/wtmp.1
Console only logins
The console uses the login command which records data to /var/log/lastlog:
$ ll /var/log/lastlog
-rw-rw-r-- 1 root utmp 292292 Apr 24 16:22 /var/log/lastlog
The lastlog file though cannot be tampered with so easily when you look at the File Owner and File Group above. "Normal" users just have read access. It's a binary file though so you can't just cat it and get meaningful information. Use this command instead:
$ lastlog
Username Port From Latest
root **Never logged in**
daemon **Never logged in**
bin **Never logged in**
sys **Never logged in**
(...SNIP...)
usbmux **Never logged in**
rick tty1 Wed Nov 28 04:19:53 -0700 2018
vnstat **Never logged in**
It's interesting to see all the different user IDs that could log in but never have and never should. I was surprised I haven't logged into the console / terminal since November last year.
answered 7 hours ago
WinEunuuchs2UnixWinEunuuchs2Unix
48.6k1198187
add a comment |
last command to the rescue
The last command shows by a given user name or all user names:
$ last rick
rick tty7 :0 Wed Apr 24 16:25 gone - no logout
rick tty8 :1 Wed Apr 24 16:24 - down (00:00)
rick tty7 :0 Tue Apr 23 20:12 - down (20:06)
rick tty7 :0 Tue Apr 23 18:30 - crash (01:42)
(...SNIP...)
rick tty7 :0 Tue Apr 2 16:52 - down (00:31)
rick tty7 :0 Tue Apr 2 03:14 - crash (13:37)
By default it only shows history for the current month. If you need to go further back in history than one month, you can read the /var/log/wtmp.1 file with the last command.
last -f wtmp.1 rick will show the previous month's history of logins for user rick:
$ last -f /var/log/wtmp.1 rick
rick tty7 :0 Sun Mar 31 16:53 gone - no logout
rick tty7 :0 Sat Mar 30 19:18 - down (13:20)
(...SNIP...)
rick tty7 :0 Fri Mar 1 20:55 - down (11:55)
wtmp.1 begins Fri Mar 1 18:23:28 2019
Security is hardened such that normal users can't write or delete the file:
$ ll /var/log/wtmp.1
-rw-rw-r-- 1 root utmp 107520 Mar 31 16:53 /var/log/wtmp.1
Console only logins
The console uses the login command which records data to /var/log/lastlog:
$ ll /var/log/lastlog
-rw-rw-r-- 1 root utmp 292292 Apr 24 16:22 /var/log/lastlog
The lastlog file though cannot be tampered with so easily when you look at the File Owner and File Group above. "Normal" users just have read access. It's a binary file though so you can't just cat it and get meaningful information. Use this command instead:
$ lastlog
Username Port From Latest
root **Never logged in**
daemon **Never logged in**
bin **Never logged in**
sys **Never logged in**
(...SNIP...)
usbmux **Never logged in**
rick tty1 Wed Nov 28 04:19:53 -0700 2018
vnstat **Never logged in**
It's interesting to see all the different user IDs that could log in but never have and never should. I was surprised I haven't logged into the console / terminal since November last year.
answered 7 hours ago
WinEunuuchs2UnixWinEunuuchs2Unix
48.6k1198187
add a comment |
last command to the rescue
The last command shows by a given user name or all user names:
$ last rick
rick tty7 :0 Wed Apr 24 16:25 gone - no logout
rick tty8 :1 Wed Apr 24 16:24 - down (00:00)
rick tty7 :0 Tue Apr 23 20:12 - down (20:06)
rick tty7 :0 Tue Apr 23 18:30 - crash (01:42)
(...SNIP...)
rick tty7 :0 Tue Apr 2 16:52 - down (00:31)
rick tty7 :0 Tue Apr 2 03:14 - crash (13:37)
By default it only shows history for the current month. If you need to go further back in history than one month, you can read the /var/log/wtmp.1 file with the last command.
last -f wtmp.1 rick will show the previous month's history of logins for user rick:
$ last -f /var/log/wtmp.1 rick
rick tty7 :0 Sun Mar 31 16:53 gone - no logout
rick tty7 :0 Sat Mar 30 19:18 - down (13:20)
(...SNIP...)
rick tty7 :0 Fri Mar 1 20:55 - down (11:55)
wtmp.1 begins Fri Mar 1 18:23:28 2019
Security is hardened such that normal users can't write or delete the file:
$ ll /var/log/wtmp.1
-rw-rw-r-- 1 root utmp 107520 Mar 31 16:53 /var/log/wtmp.1
Console only logins
The console uses the login command which records data to /var/log/lastlog:
$ ll /var/log/lastlog
-rw-rw-r-- 1 root utmp 292292 Apr 24 16:22 /var/log/lastlog
The lastlog file though cannot be tampered with so easily when you look at the File Owner and File Group above. "Normal" users just have read access. It's a binary file though so you can't just cat it and get meaningful information. Use this command instead:
$ lastlog
Username Port From Latest
root **Never logged in**
daemon **Never logged in**
bin **Never logged in**
sys **Never logged in**
(...SNIP...)
usbmux **Never logged in**
rick tty1 Wed Nov 28 04:19:53 -0700 2018
vnstat **Never logged in**
It's interesting to see all the different user IDs that could log in but never have and never should. I was surprised I haven't logged into the console / terminal since November last year.
answered 7 hours ago
WinEunuuchs2UnixWinEunuuchs2Unix
48.6k1198187
last command to the rescue
The last command shows by a given user name or all user names:
$ last rick
rick tty7 :0 Wed Apr 24 16:25 gone - no logout
rick tty8 :1 Wed Apr 24 16:24 - down (00:00)
rick tty7 :0 Tue Apr 23 20:12 - down (20:06)
rick tty7 :0 Tue Apr 23 18:30 - crash (01:42)
(...SNIP...)
rick tty7 :0 Tue Apr 2 16:52 - down (00:31)
rick tty7 :0 Tue Apr 2 03:14 - crash (13:37)
By default it only shows history for the current month. If you need to go further back in history than one month, you can read the /var/log/wtmp.1 file with the last command.
last -f wtmp.1 rick will show the previous month's history of logins for user rick:
$ last -f /var/log/wtmp.1 rick
rick tty7 :0 Sun Mar 31 16:53 gone - no logout
rick tty7 :0 Sat Mar 30 19:18 - down (13:20)
(...SNIP...)
rick tty7 :0 Fri Mar 1 20:55 - down (11:55)
wtmp.1 begins Fri Mar 1 18:23:28 2019
Security is hardened such that normal users can't write or delete the file:
$ ll /var/log/wtmp.1
-rw-rw-r-- 1 root utmp 107520 Mar 31 16:53 /var/log/wtmp.1
Console only logins
The console uses the login command which records data to /var/log/lastlog:
$ ll /var/log/lastlog
-rw-rw-r-- 1 root utmp 292292 Apr 24 16:22 /var/log/lastlog
The lastlog file though cannot be tampered with so easily when you look at the File Owner and File Group above. "Normal" users just have read access. It's a binary file though so you can't just cat it and get meaningful information. Use this command instead:
$ lastlog
Username Port From Latest
root **Never logged in**
daemon **Never logged in**
bin **Never logged in**
sys **Never logged in**
(...SNIP...)
usbmux **Never logged in**
rick tty1 Wed Nov 28 04:19:53 -0700 2018
vnstat **Never logged in**
It's interesting to see all the different user IDs that could log in but never have and never should. I was surprised I haven't logged into the console / terminal since November last year.
answered 7 hours ago
WinEunuuchs2UnixWinEunuuchs2Unix
48.6k1198187
edited 6 hours ago
answered 7 hours ago
WinEunuuchs2UnixWinEunuuchs2Unix
48.6k1198187
answered 7 hours ago
WinEunuuchs2UnixWinEunuuchs2Unix
48.6k1198187
answered 7 hours ago
WinEunuuchs2UnixWinEunuuchs2Unix
48.6k1198187
48.6k1198187
add a comment |
add a comment |
This would be shown in /var/log/auth.log if the 'person' controlling your system remotely is not smart enough to clean up the logs. You might be able to see login data by using:
sudo cat /var/log/auth.log | grep USERNAME
(where USERNAME is your user).
Beyond this, however, if there's nothing in this log, and you really do think you're being remote-controlled, I'd suggest clean-installing your system and starting from scratch with different passwords and better hardening your system.
answered 16 hours ago
Thomas Ward♦Thomas Ward
45.5k23125178
add a comment |
This would be shown in /var/log/auth.log if the 'person' controlling your system remotely is not smart enough to clean up the logs. You might be able to see login data by using:
sudo cat /var/log/auth.log | grep USERNAME
(where USERNAME is your user).
Beyond this, however, if there's nothing in this log, and you really do think you're being remote-controlled, I'd suggest clean-installing your system and starting from scratch with different passwords and better hardening your system.
answered 16 hours ago
Thomas Ward♦Thomas Ward
45.5k23125178
add a comment |
This would be shown in /var/log/auth.log if the 'person' controlling your system remotely is not smart enough to clean up the logs. You might be able to see login data by using:
sudo cat /var/log/auth.log | grep USERNAME
(where USERNAME is your user).
Beyond this, however, if there's nothing in this log, and you really do think you're being remote-controlled, I'd suggest clean-installing your system and starting from scratch with different passwords and better hardening your system.
answered 16 hours ago
Thomas Ward♦Thomas Ward
45.5k23125178
This would be shown in /var/log/auth.log if the 'person' controlling your system remotely is not smart enough to clean up the logs. You might be able to see login data by using:
sudo cat /var/log/auth.log | grep USERNAME
(where USERNAME is your user).
Beyond this, however, if there's nothing in this log, and you really do think you're being remote-controlled, I'd suggest clean-installing your system and starting from scratch with different passwords and better hardening your system.
answered 16 hours ago
Thomas Ward♦Thomas Ward
45.5k23125178
answered 16 hours ago
Thomas Ward♦Thomas Ward
45.5k23125178
answered 16 hours ago
Thomas Ward♦Thomas Ward
45.5k23125178
answered 16 hours ago
Thomas Ward♦Thomas Ward
45.5k23125178
45.5k23125178
add a comment |
add a comment |
Axolotl101 is a new contributor. Be nice, and check out our Code of Conduct.
Axolotl101 is a new contributor. Be nice, and check out our Code of Conduct.
Axolotl101 is a new contributor. Be nice, and check out our Code of Conduct.
Axolotl101 is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1138091%2fhow-do-i-see-if-and-when-someone-logged-in-my-account%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Excellent question to find out when a user logged in and for how long. Managers can use this to track employee activity. Time Share providers (called Cloud these days) can use it for client billing backup purposes I guess. I'm surprised it's not a duplicate question.
– WinEunuuchs2Unix
5 hours ago