HPE Community
Operating System - HP-UX
1753481 Members
4464 Online
108794 Solutions
New Discussion юеВ

Re: clearing the contents of wtmp and btmp

 
SOLVED
Go to solution
Pando
Regular Advisor

тАО04-17-2005 12:59 PM

тАО04-17-2005 12:59 PM

clearing the contents of wtmp and btmp

how can i clear the contents of the wtmp and btmp? these contains the login and boot history, right? I want to clear this because, the root password was accidentaly inputed instead of the root account. Many thanks!
0 Kudos
5 REPLIES 5
Ermin Borovac
Honored Contributor

тАО04-17-2005 01:30 PM

тАО04-17-2005 01:30 PM

Solution

Re: clearing the contents of wtmp and btmp

You can simply zero wtmp and btmp with cat.

# cp /var/adm/wtmp /var/adm/wtmp.old
# cp /var/adm/btmp /var/adm/btmp.old
# cat /dev/null > /var/adm/wtmp
# cat /dev/null > /var/adm/btmp

Make sure you protect wtmp.old and btmp.old with permission mode 600.

Please note the permissions on /var/adm/btmp should be 600 so that normal users cannot see failed login attempts and find out other people's passwords.
0 Kudos
A. Clay Stephenson
Acclaimed Contributor

тАО04-17-2005 02:15 PM

тАО04-17-2005 02:15 PM

Re: clearing the contents of wtmp and btmp

The preferred method is to use fwtmp. It can be used to convert the binary files to ASCII and then do the reverse. You should use fwtmp to convert to ASCII; edit the file; and then use fwtmp to rewrite the file. Man fwtmp for details. It's actually a common practice to automate this and remove all enties > n days old using awk or Perl and rewrite the file.

You can simply cp /dev/null to the files.
If it ain't broke, I can fix that.
0 Kudos
Indira Aramandla
Honored Contributor

тАО04-17-2005 02:39 PM

тАО04-17-2005 02:39 PM

Re: clearing the contents of wtmp and btmp

Hi Fernando,

File btmp contains bad login entries for each invalid logon attempt. File wtmp contains a record of all logins and logouts.

If you want to trim / clear the logs then make a record of the bad / incorrect logins and then trim the logs using fwtmp.

fwtmp reads from the standard input and writes to the standard output, converting binary records of the type found in wtmp to formatted ASCII records. The ASCII version is useful to enable editing, via ed(1), bad records or general purpose maintenance of the file.

You can use sam to trim the logs. Sam--Routine Tasks---System Log Files-----select /var/adm/wtmp and /var/admbtmp then from Action menu select trim to zero.

Note:- Note that wtmp and btmp are not created by the programs that maintain them. Thus, if these files are removed, record-keeping is turned off.

Indira A
Never give up, Keep Trying
0 Kudos
Pando
Regular Advisor

тАО04-17-2005 04:20 PM

тАО04-17-2005 04:20 PM

Re: clearing the contents of wtmp and btmp

I have noticed that after doing the clearing (trim to zero) and executed the "lastb" command, it still list the users. How is this possible?
0 Kudos
Pando
Regular Advisor

тАО04-21-2005 02:29 PM

тАО04-21-2005 02:29 PM

Re: clearing the contents of wtmp and btmp

Hi All,

Thanks for that quick response! It helped a lot!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.