Find out who all logged into your server on particular time and how many bad attempt where made to access your server using Last and Lastb commannds.
last command shows the users who logged into your server with the time and IP addresses.
This gets the details stored in the location
"/var/log/wtmp"eg:
[root@centos06plesk test]# last -t 20131029231500
root pts/2 t.admin-ahead.c Tue Oct 29 09:09 - 09:09 (00:00)
root pts/2 t.admin-ahead.c Tue Oct 29 09:08 - 09:09 (00:00)
root pts/0 t.admin-ahead.c Tue Oct 29 08:32 still logged in
Here in this command it is specified year,month,date,hour,minute,seconds using the "-t " option
Lastb This command shows the bad attempts made to access the server.
This gets the details stored in the location
"/var/log/btmp"eg:
[root@centos06plesk test]# lastb -t 20131029231500 | less
root ssh:notty 211.236.246.12 Tue Oct 29 14:18 - 14:18 (00:00)
root ssh:notty 211.236.246.12 Tue Oct 29 14:18 - 14:18 (00:00)
root ssh:notty 211.236.246.12 Tue Oct 29 14:18 - 14:18 (00:00)
zt ssh:notty 211.236.246.12 Tue Oct 29 14:17 - 14:17 (00:00)
zt ssh:notty 211.236.246.12 Tue Oct 29 14:17 - 14:17 (00:00)
bin ssh:notty 211.236.246.12 Tue Oct 29 14:17 - 14:17 (00:00)
Here in this command also it is specified year,month,date,hour,minute,seconds using the "-t " option
NB: Thus we get the IP from which these attempts where made and can block them if found suspicious.Find more options with last command at http://explainshell.com/explain/1/last
Find more options with lastb command at http://explainshell.com/explain/1/lastb
