- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- bad logins
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2004 05:26 AM
тАО02-09-2004 05:26 AM
Can any one tell me the best way to cleanup
the /var/adm/btmp ( data file )? Someone
with root access attempted to login to the system, and typed the root password instead of
the login ID. Now the root password is sitting
there ( /var/adm/btmp ) in plain test. Do I have to:
o remove "/var/adm/btmp"?
o create a new root password ?
or is their another way to just remove the embedded password, and leave the rest of the data in place? Please advise, and thanks for the help.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2004 05:32 AM
тАО02-09-2004 05:32 AM
Re: bad logins
# > /var/adm/btmp
This will nullify the file. You don't need to remove the file or create new root password.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2004 05:35 AM
тАО02-09-2004 05:35 AM
SolutionYou can use 'fwtmp' to do the job for you. Convert the binary file to ascii. Edit it and make changes and then convert it back to binary.
#cd /usr/sbin/acct
#./fwtmp < /var/adm/btmp > btmp.txt
vi btmp.txt (search for the string and delete it)
#./fwtmp -ic < btmp.txt > /var/adm/btmp
You will need to remember that after overwriting the existing btmp file, you will lose the bad logins during that time frame.
-Sri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2004 05:36 AM
тАО02-09-2004 05:36 AM
Re: bad logins
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2004 05:37 AM
тАО02-09-2004 05:37 AM
Re: bad logins
cat /var/adm/btmp | /usr/sbin/acct/fwtmp > /tmp/ascii_btmp
vi /tmp/ascii_btmp to delete the records you want.
cat /tmp/ascii_btmp | /usr/sbin/acct/fwtmp -ic > /var/adm/btmp
This will allow you to remove the offending line.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2004 05:38 AM
тАО02-09-2004 05:38 AM
Re: bad logins
manually recreated as they not created by the programs that maintain them.
Thus, if these files are removed, record-keeping is turned off.
If you want to recreate them note the ownerships and permissions before
removing them and reset the ownerships and permissions after recreating the
files (usually with touch to create an empty files). This is EXTREMELY
important -> especially for the btmp file.
-USA..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2004 06:05 AM
тАО02-09-2004 06:05 AM
Re: bad logins
This will clear the file and you should do that periodically for this very reason.
log in as root
passwd
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2004 06:29 AM
тАО02-09-2004 06:29 AM
Re: bad logins
The problem with btmp isn't just with root, it is true for any user. lastb is a hacker's best friend as it only shows mistakes and passwords are easy to see when the user makes a mistake.,
Bill Hassell, sysadmin