A system administrator is investigating a potential security breach on a Linux server. To generate a historical list of all successful user logins and their corresponding source IP addresses, the administrator runs the last command. Which of the following files does this command primarily parse to generate its report?
The last command reads the /var/log/wtmp binary file, which stores a historical record of all user logins and logouts. This makes it the direct source for the information needed in the security investigation. The /var/log/btmp file is similar but specifically tracks failed login attempts and is read by the lastb command. The /var/log/utmp file only contains information about users who are currently logged in. While /var/log/secure contains authentication-related messages, it is a general text-based security log and is not the specific file parsed by the last command for historical login session data.