ISO27001:2013
Certified Supplier

FIND OUT MORE

We're an ISO27001:2013 Certified Supplier

blog-post-featured-image

In an ideal world, user authentication is centralised, typically these days using LDAP or perhaps Microsoft Active Directory. We have robust processes in place to ensure that, when a user leaves (or should no longer have access to their account), their accounts are removed (or disabled).

In the real world, we sometimes find that we have local accounts on our Linux systems, and sometimes they persist longer than perhaps they should.

We can list the user accounts that have not been logged in during the last 60 days with this variant of the lastlog command:

There will be some system accounts that won’t have been logged in to during that time or, more likely, never logged in to:

So let’s filter those out:

So, user harry hasn’t logged in for more than 60 days. Should his account still exist?

If you prefer, you can find out which account have been logged into in the last 60 days:

Hopefully no surprises in the output there…

Was This Linux Tip Helpful?

Let us know in the comments below.

Leave a Reply

Your email address will not be published. Required fields are marked *