utmp

utmp, wtmp – login records 

  • The /etc/utmp file, which contains a record of users logged into the system.

 

 

The utmp file allows one to discover information about who is currently using the system. There may be more users currently using the system, because not all programs use utmp logging.

Warning: utmp must not be writable, because many system programs (foolishly) depend on its integrity. You risk faked system logfiles and modifications of system files if you leave utmpwritable to any user.

 

/etc/utmp Contains a record of users logged into the system.
/var/adm/wtmp Contains connect accounting information.
/etc/security/failedlogin Contains a record of invalid login attempts