A system administrator is performing a security audit and must generate a report of the most recent login time for every user account defined on the system. The report must include accounts that have never been used. Which of the following commands would be the most effective for the administrator to use to gather this specific information?
The correct answer is lastlog. The lastlog command formats and prints the contents of the /var/log/lastlog file, which records the last login time for each user. A key feature of this command is that it will display a "Never logged in" message for any user who has never accessed the system, thereby fulfilling all requirements of the audit.
last: This command reads from the /var/log/wtmp file to show a history of successful logins. It is incorrect for this scenario because it will not list users who have never logged into the system.
who: This command shows who is currently logged into the system. It does not provide the required historical data for all users.
getent passwd: This command retrieves user account details (such as UID, GID, home directory, and shell) from the system's password database but does not contain login time information.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the /var/log/lastlog file?
Open an interactive chat with Bash
How does the `lastlog` command differ from `last`?
Open an interactive chat with Bash
Why would `getent passwd` not work for fetching login times?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Services and User Management
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access