linux-security-logs-auditing
lastlog //shows you when each user last logged in
//if you want to "reset" the last log
mv lastlog lastlog.bak cat > /var/log/lastlog
last //shows you last logins in /var/log/wtmp last -f wtmp.1 //shows you the last login from the previous month's rotation
lastb //bad login attempts, /var/log/btmp
/etc/logrotate.conf
rotated once a month, with 6 backup copies retained:
no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp { missingok monthly create 0664 root utmp rotate 6 }