Shulou(Shulou.com)06/02 Report--

Preface

Do you know how to check the creation date of the account on the Linux system? If you know, then what can you do?

Did you make it? If so, what should be done?

Basically, the Linux system doesn't track this information, so what's the alternative to getting it?

You might ask, why am I checking this?

Yes, in some cases, you may need to check this information, which will be helpful to you then.

You can use the following seven methods for verification.

Using / var/log/secure using the aureport tool using .bash _ logout using the chage command using the useradd command using the passwd command using the last command

Method 1: use / var/log/secure

It stores all security-related messages, including authentication failures and authorization privileges. It also tracks sudo logins, SSH logins, and other error records through the system security daemon.

# grep prakash / var/log/secureApr 12 04:07:18 centos.2daygeek.com useradd [21263]: new group: name=prakash, GID=501Apr 12 04:07:18 centos.2daygeek.com useradd [21263]: new user: name=prakash, UID=501, GID=501, home=/home/prakash Shell=/bin/bashApr 12 04:07:34 centos.2daygeek.com passwd: pam_unix (passwd:chauthtok): password changed for prakashApr 12 04:08:32 centos.2daygeek.com sshd [21269]: Accepted password for prakash from 103.5.134.167 port 60554 ssh3Apr 12 04:08:32 centos.2daygeek.com sshd [21269]: pam_unix (sshd:session): session opened for user prakash by (uid=0)

Method 2: use the aureport tool

The aureport tool can generate summary and column reports based on the event records recorded in the audit log. By default, it queries all audit.log files in the / var/log/audit/ directory to create reports.

# aureport-- auth | grep prakash46. 04/12/2018 04:08:32 prakash 103.5.134.167 ssh / usr/sbin/sshd yes 28847. 04/12/2018 04:08:32 prakash 103.5.134.167 ssh / usr/sbin/sshd yes 291

Method 3: use .bash _ logout

The .bash _ logout in the home directory has a special meaning to bash and provides a way to execute commands when the user logs out of the system.

We can check the change date of .bash _ logout in the user's home directory. The file is created the first time the user logs out.

# stat / home/prakash/.bash_logout File: `/ home/prakash/.bash_logout' Size: 18 Blocks: 8 IO Block: 4096 regular fileDevice: 801h/2049d Inode: 256153 Links: 1Access: (0644) Uid: (501 / prakash) Gid: (501 / prakash) Access: (501 / prakash) Access: 2017-03-22 201415 Fraser 00.000000000-0400Modify: 2017-03-22 2015 Fringe 00.000000000-0400Change: 2018-04-12 04Rule 07purl 18.283000323-0400

Method 4: use the chage command

Chage means "change age". This command allows the user to manage password expiration information. The chage command modifies the number of days that the password needs to be changed since the date of the last password change.

The system uses this information to determine when users must change their password. This is useful if the user has not changed the password since the account creation date.

# chage-list prakashLast password change: Apr 12, 2018Password expires: neverPassword inactive: neverAccount expires: neverMinimum number of days between password change: 0Maximum number of days between password change: 99999Number of days of warning before password expires: 7

Method 5: use the useradd command

The useradd command is used to create a new account in Linux. By default, it does not add a user creation date, we must add a date using the remarks option.

# useradd-m prakash-c `date +% Y/%m/% d` # grep prakash / etc/passwdprakash:x:501:501:2018/04/12:/home/prakash:/bin/bash

Method 6: use the passwd command

The passwd command is used to assign a password to a local account or user. If the user does not change the password after the account is created, you can use the passwd command to see the date of the last password change.

# passwd-S prakashprakash PS 2018-04-11 0 99999 7-1 (Password set, MD5 crypt.)

Method 7: use the last command

The last command reads / var/log/wtmp and displays a list of all login (and logout) users since the file was created.

# last | grep "prakash" prakash pts/2 103.5.134.167 Thu Apr 12 04:08 still logged in

Via: https://www.2daygeek.com/how-to-check-user-created-date-on-linux/

Author: Prakash Subramanian topic: lujun9972 translator: geekpi proofread: wxy

Summary

The above is the whole content of this article, I hope that the content of this article has a certain reference and learning value for your study or work, if you have any questions, you can leave a message and exchange, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.