lastlog, as the name might suggest, shows the available accounts and the last times they logged in.
And that may be all it does, with a few other flags that trim the search dates or specify a user name.
It raises a question for me though. I don’t have a multiuser system to check on, but can I list all the users on a system with this tool?
You can see in the screenshot that without sudo I can see all the users available on this computer; should I attribute that to being the only user?
I wouldn’t dare call that a security flaw, but knowing available accounts seems like half the challenge.
And now I will stop talking about things I really don’t know, and tell something I do: lastlog is part of shadow in Arch, but I can’t seem to find it in Debian.