바로가기 메뉴
본문내용 바로가기
메인메뉴 바로가기



Customer Center

Notice · Security Issue · Account Guide · Global Traffic Test

HOME > Customer Center > Security Issue

보안이슈

last
2016.02.19

last

서버를 이용하는 각 계정사용자들의 로그인정보를 보여주는 명령어입니다.
흔히 관리자는 각 계정별로 서버에 접속한 시간과 IP주소등을 확인해야할 경우가 있습니다.
또한 특정 계정의 서버 접속정보를 확인해야할때에도 마찬가지입니다.
아래 예를 보시면 알시겠지만 last는 다양한 방법으로 사용자들의 로그인정보를 조사합니다.


사용형식

last [-R] [-num] [ -n num ] [-adiox] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...] [tty...


사용예 #1

그냥 아래와 같이 last라고만 하면 시스템의 모든 접속정보를 볼 수 있습니다.
아래 예와 같이 아무런 옵션없이 그냥 "last"라고만 하면 모든 계정들의 접속정보를 보여줍니다.

[root@host3 log]# last
root pts/0 192.168.0.2 Sat Oct 4 10:45 still logged in
reboot system boot 2.4.18-14 Sat Oct 4 10:29 (00:29)
root pts/1 192.168.0.2 Fri Oct 3 22:08 - down (01:29)
root pts/0 192.168.0.2 Fri Oct 3 19:22 - 23:37 (04:14)
reboot system boot 2.4.18-14 Fri Oct 3 19:11 (04:26)
root pts/0 192.168.0.2 Thu Oct 2 21:16 - down (00:00)
root pts/1 Thu Oct 2 19:42 - down (01:34)
root :0 Thu Oct 2 19:42 - down (01:34)
root pts/0 192.168.0.2 Thu Oct 2 19:33 - 21:16 (01:43)
reboot system boot 2.4.18-14 Thu Oct 2 19:20 (01:56)
root pts/1 Thu Oct 2 19:18 - crash (00:02)
root pts/0 Thu Oct 2 19:17 - crash (00:03)
root :0 Thu Oct 2 19:16 - crash (00:03)
reboot system boot 2.4.18-14 Thu Oct 2 19:15 (02:00)
reboot system boot 2.4.18-14 Thu Oct 2 18:59 (02:17)
reboot system boot 2.4.18-14 Thu Oct 2 18:51 (02:25)
reboot system boot 2.4.18-14 Thu Oct 2 18:42 (02:34)
root pts/1 192.168.0.2 Wed Oct 1 21:31 - down (01:29)

wtmp begins Wed Oct 1 18:46:52 2003
[root@host3 log]#


사용예 #2

아래예는 root의 접속정보만을 확인한 예입니다.

[root@host3 log]# last root
root pts/0 192.168.0.2 Sat Oct 4 10:45 still logged in
root pts/1 192.168.0.2 Fri Oct 3 22:08 - down (01:29)
root pts/0 192.168.0.2 Fri Oct 3 19:22 - 23:37 (04:14)
root pts/0 192.168.0.2 Thu Oct 2 21:16 - down (00:00)
root pts/1 Thu Oct 2 19:42 - down (01:34)
root :0 Thu Oct 2 19:42 - down (01:34)
root pts/0 192.168.0.2 Thu Oct 2 19:33 - 21:16 (01:43)
root pts/1 Thu Oct 2 19:18 - crash (00:02)
root pts/0 Thu Oct 2 19:17 - crash (00:03)
root :0 Thu Oct 2 19:16 - crash (00:03)
root pts/1 192.168.0.2 Wed Oct 1 21:31 - down (01:29)

wtmp begins Wed Oct 1 18:46:52 2003
[root@host3 log]#

사용예 #3

아래의 예는 5행의 결과만을 확인한 예입니다.

[root@host3 log]# last -5
bible pts/1 192.168.0.2 Sat Oct 4 11:00 - 11:00 (00:00)
bible pts/1 192.168.0.2 Sat Oct 4 11:00 - 11:00 (00:00)
bible pts/1 192.168.0.2 Sat Oct 4 10:59 - 10:59 (00:00)
root pts/0 192.168.0.2 Sat Oct 4 10:45 still logged in
reboot system boot 2.4.18-14 Sat Oct 4 10:29 (00:31)

wtmp begins Wed Oct 1 18:46:52 2003
[root@host3 log]#

사용예 #4

다음과 같이 -R옵션을 사용한 것으로서 last의 결과에서 호스트(IP주소)접속기록을 제외한 결과만을 보여준 예입니다.

[root@host3 log]# last -R
bible pts/1 Sat Oct 4 11:00 - 11:00 (00:00)
bible pts/1 Sat Oct 4 11:00 - 11:00 (00:00)
bible pts/1 Sat Oct 4 10:59 - 10:59 (00:00)
root pts/0 Sat Oct 4 10:45 still logged in
reboot system boot Sat Oct 4 10:29 (00:32)
root pts/1 Fri Oct 3 22:08 - down (01:29)
root pts/0 Fri Oct 3 19:22 - 23:37 (04:14)
reboot system boot Fri Oct 3 19:11 (04:26)
root pts/0 Thu Oct 2 21:16 - down (00:00)
root pts/1 Thu Oct 2 19:42 - down (01:34)
root :0 Thu Oct 2 19:42 - down (01:34)
root pts/0 Thu Oct 2 19:33 - 21:16 (01:43)
reboot system boot Thu Oct 2 19:20 (01:56)
root pts/1 Thu Oct 2 19:18 - crash (00:02)
root pts/0 Thu Oct 2 19:17 - crash (00:03)
root :0 Thu Oct 2 19:16 - crash (00:03)
reboot system boot Thu Oct 2 19:15 (02:00)
reboot system boot Thu Oct 2 18:59 (02:17)
reboot system boot Thu Oct 2 18:51 (02:25)
reboot system boot Thu Oct 2 18:42 (02:34)
root pts/1 Wed Oct 1 21:31 - down (01:29)

wtmp begins Wed Oct 1 18:46:52 2003
[root@host3 log]#

사용예 #5

다음은 -a옵션을 사용하여 last의 결과중 호스트(IP주소)정보를 맨 마지막에 보여준 예입니다.

[root@host3 log]# last -a
bible pts/1 Sat Oct 4 11:00 - 11:00 (00:00) 192.168.0.2
bible pts/1 Sat Oct 4 11:00 - 11:00 (00:00) 192.168.0.2
bible pts/1 Sat Oct 4 10:59 - 10:59 (00:00) 192.168.0.2
root pts/0 Sat Oct 4 10:45 still logged in 192.168.0.2
reboot system boot Sat Oct 4 10:29 (00:32) 2.4.18-14
root pts/1 Fri Oct 3 22:08 - down (01:29) 192.168.0.2
root pts/0 Fri Oct 3 19:22 - 23:37 (04:14) 192.168.0.2
reboot system boot Fri Oct 3 19:11 (04:26) 2.4.18-14
root pts/0 Thu Oct 2 21:16 - down (00:00) 192.168.0.2
root pts/1 Thu Oct 2 19:42 - down (01:34)
root :0 Thu Oct 2 19:42 - down (01:34)
root pts/0 Thu Oct 2 19:33 - 21:16 (01:43) 192.168.0.2
reboot system boot Thu Oct 2 19:20 (01:56) 2.4.18-14
root pts/1 Thu Oct 2 19:18 - crash (00:02)
root pts/0 Thu Oct 2 19:17 - crash (00:03)
root :0 Thu Oct 2 19:16 - crash (00:03)
reboot system boot Thu Oct 2 19:15 (02:00) 2.4.18-14
reboot system boot Thu Oct 2 18:59 (02:17) 2.4.18-14
reboot system boot Thu Oct 2 18:51 (02:25) 2.4.18-14
reboot system boot Thu Oct 2 18:42 (02:34) 2.4.18-14
root pts/1 Wed Oct 1 21:31 - down (01:29) 192.168.0.2

wtmp begins Wed Oct 1 18:46:52 2003
[root@host3 log]#

사용예 #6

다음은 모든 결과중 외부에서 접속한 정보와 reboot에 관한 정보만을 보여줍니다.

[root@host3 log]# last -d
bible pts/1 192.168.0.2 Sat Oct 4 11:00 - 11:00 (00:00)
bible pts/1 192.168.0.2 Sat Oct 4 11:00 - 11:00 (00:00)
bible pts/1 192.168.0.2 Sat Oct 4 10:59 - 10:59 (00:00)
root pts/0 192.168.0.2 Sat Oct 4 10:45 still logged in
reboot system boot 2.4.18-14 Sat Oct 4 10:29 (00:32)
root pts/1 192.168.0.2 Fri Oct 3 22:08 - down (01:29)
root pts/0 192.168.0.2 Fri Oct 3 19:22 - 23:37 (04:14)
reboot system boot 2.4.18-14 Fri Oct 3 19:11 (04:26)
root pts/0 192.168.0.2 Thu Oct 2 21:16 - down (00:00)
root pts/1 Thu Oct 2 19:42 - down (01:34)
root :0 Thu Oct 2 19:42 - down (01:34)
root pts/0 192.168.0.2 Thu Oct 2 19:33 - 21:16 (01:43)
reboot system boot 2.4.18-14 Thu Oct 2 19:20 (01:56)
root pts/1 Thu Oct 2 19:18 - crash (00:02)
root pts/0 Thu Oct 2 19:17 - crash (00:03)
root :0 Thu Oct 2 19:16 - crash (00:03)
reboot system boot 2.4.18-14 Thu Oct 2 19:15 (02:00)
reboot system boot 2.4.18-14 Thu Oct 2 18:59 (02:17)
reboot system boot 2.4.18-14 Thu Oct 2 18:51 (02:25)
reboot system boot 2.4.18-14 Thu Oct 2 18:42 (02:34)
root pts/1 192.168.0.2 Wed Oct 1 21:31 - down (01:29)

wtmp begins Wed Oct 1 18:46:52 2003
[root@host3 log]#


이호스트데이터센터(http://www.ehostidc.co.kr)
첨부파일