Is there a way to report incorrect login attempts in Ubuntu 12.10?

I am concerned with some people trying to access my laptop while I am away in my work place.

Therefore I was wondering if is there a way to set up kind of automatically monitor and report wrong password login attempts.

Asked By: Pablo Herrero


All login attempts (successful or failed) are recorded in /var/log/auth.log. The file is rotated every week, so look in /var/log/auth.log.0 for the previous week’s logs, /var/log/auth.log.1.gz for the week before, etc. By default, 4 weeks are kept.

On other distributions, the principles are the same, but the name of the file may be different (always in /var/log under Linux and most other unix variants), and the rotation periods are very distribution-dependent.

You will need to be root to see those logs. There are programs like logwatch that you can set up to monitor logs and send you “interesting” lines by email, but I think setting this up is overkill for your situation.

There are utility commands named last and lastb to list the logins and attempted logins on most Unix distributions. In your case you might want to try the lastb command to see the failures. As stated before you will need to be root to see these logs.

Answered By: PenguinWarrior
Categories: Answers Tags: , , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.