System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

HP UX 11.31 wtmp/wtmpfix musteries

gr8_lkr
Advisor

HP UX 11.31 wtmp/wtmpfix musteries

Hello All,

 

I am perplexed as to what exactly is current with 11.31 and have mixed responses from peers and research.

 

can anyone explain to me the current files used in 11.31 when it comes down to where account info is logged etc.

 

client info:

CONFIGURATION

Server model (model): ia64 hp server rx8640

Operating system (uname -a):HP-UX B.11.31

 

client claims not updating as far as finger/last/who being in sync.

 

I know this is normal and have heard of a patch coming to help soon.

But I am confused as to :

-what files are actually in scope (being updated)

-proper way to go about fixing corruption  (wtmpfix may not be answer anymore)

-can I get a clear definition of what updates what and if version level dictate what files are involved.

-patches for 11.31?

-utmpd is still the main process?  (stop then fix file? what file? then restart)?

 

what we have tried so far:

Here are our options as I see them.

1. test wtmpfix/fwtmp -X behavior on test box and then use it to fix any corruption on production box, explain to sec team that the corruption has to be addressed by using hp commands on these files

2. wait for next reboot and zero out all those files in single user to clear any corruption

3. leave the files as they are and don't use accounting

 

Example of error fix:

 

hputairl:/tmp# mkdir /tmp/wtmptest

hputairl:/tmp# cd /tmp/wtmptest

 

hputairl:/tmp/wtmptest# uname -a

HP-UX hputairl B.11.31 U ia64 2249887032 unlimited-user license

 

hputairl:/tmp/wtmptest# cp /var/adm/wtmps .

hputairl:/tmp/wtmptest# ll

total 5776

-rw-rw-r--   1 root       sys        2952908 Mar 18 12:36 wtmps

 

hputairl:/tmp/wtmptest# cat wtmps | /usr/sbin/acct/fwtmp -X > x.log

 

hputairl:/tmp/wtmptest# head -3 x.log

           system boot      0  2 0000 0000 1227700828 0 Nov 26 20:00:28 2008 0  

           run-level 3      0  1 0063 0123 1227700828 0 Nov 26 20:00:28 2008 0  

vxenable vxen             145  5 0000 0000 1227700828 0 Nov 26 20:00:28 2008 0  

 

hputairl:/tmp/wtmptest# tail -3 x.log

root     td   pts/td    24665  8 0000 0000 1268881158 0 Mar 18 10:59:18 2010 0  

LOGIN    td   pts/td    25761  6 0000 0000 1268886532 0 Mar 18 12:28:52 2010 0 16.157.167.114 fantasia.asiapacific.hpqcorp.net

root     td   pts/td    25761  7 0000 0003 1268886537 0 Mar 18 12:28:57 2010 0 16.157.167.114 fantasia.asiapacific.hpqcorp.net

hputairl:/tmp/wtmptest# exit

 

if confused I am very sorry but someboby with knowledge probebly knows the headache I am going through with an client that wants me to read the manpages for them,  and I have but still a bit muddy for myself.

 

1 REPLY
Dennis Handly
Acclaimed Contributor

Re: HP-UX 11.31 wtmp/wtmpfix mysteries

>can anyone explain to me the current files used in 11.31 when it comes down to where account info is logged etc.

 

The man pages seem to say it is written out to wtmps and btmps.  And for the currently logged on info, it is in utmpd(1m).

 

>-proper way to go about fixing corruption  (wtmpfix may not be answer anymore)

 

Corruption in what file(s)?  wtmps(4)?

 

>-can I get a clear definition of what updates what and if version level dictate what files are involved.

 

I assume utmpd(1m) updates utmps(4).

 

>-utmpd is still the main process?  (stop then fix file? what file? then restart)?

 

You fix utmps(4).

 

>1. test wtmpfix/fwtmp -X behavior on test box and then use it to fix any corruption on production box, explain to sec team that the corruption has to be addressed by using HP commands on these files

 

What corruption?

 

>2. wait for next reboot and zero out all those files in single user to clear any corruption

 

I don't think you need to wait.

 

>Example of error fix:

 

I don't see any errors?  x.log seem fine.

 

>with an client that wants me to read the manpages for them, and I have but still a bit muddy for myself.

 

What's the problem?  Does last(1) or lastb(1) show any problems?