Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
System Administration
Showing results for 
Search instead for 
Did you mean: 

clearing the contents of wtmp and btmp

Go to solution
Regular Advisor

clearing the contents of wtmp and btmp

how can i clear the contents of the wtmp and btmp? these contains the login and boot history, right? I want to clear this because, the root password was accidentaly inputed instead of the root account. Many thanks!
Ermin Borovac
Honored Contributor

Re: clearing the contents of wtmp and btmp

You can simply zero wtmp and btmp with cat.

# cp /var/adm/wtmp /var/adm/wtmp.old
# cp /var/adm/btmp /var/adm/btmp.old
# cat /dev/null > /var/adm/wtmp
# cat /dev/null > /var/adm/btmp

Make sure you protect wtmp.old and btmp.old with permission mode 600.

Please note the permissions on /var/adm/btmp should be 600 so that normal users cannot see failed login attempts and find out other people's passwords.
A. Clay Stephenson
Acclaimed Contributor

Re: clearing the contents of wtmp and btmp

The preferred method is to use fwtmp. It can be used to convert the binary files to ASCII and then do the reverse. You should use fwtmp to convert to ASCII; edit the file; and then use fwtmp to rewrite the file. Man fwtmp for details. It's actually a common practice to automate this and remove all enties > n days old using awk or Perl and rewrite the file.

You can simply cp /dev/null to the files.
If it ain't broke, I can fix that.
Indira Aramandla
Honored Contributor

Re: clearing the contents of wtmp and btmp

Hi Fernando,

File btmp contains bad login entries for each invalid logon attempt. File wtmp contains a record of all logins and logouts.

If you want to trim / clear the logs then make a record of the bad / incorrect logins and then trim the logs using fwtmp.

fwtmp reads from the standard input and writes to the standard output, converting binary records of the type found in wtmp to formatted ASCII records. The ASCII version is useful to enable editing, via ed(1), bad records or general purpose maintenance of the file.

You can use sam to trim the logs. Sam--Routine Tasks---System Log Files-----select /var/adm/wtmp and /var/admbtmp then from Action menu select trim to zero.

Note:- Note that wtmp and btmp are not created by the programs that maintain them. Thus, if these files are removed, record-keeping is turned off.

Indira A
Never give up, Keep Trying
Regular Advisor

Re: clearing the contents of wtmp and btmp

I have noticed that after doing the clearing (trim to zero) and executed the "lastb" command, it still list the users. How is this possible?
Regular Advisor

Re: clearing the contents of wtmp and btmp

Hi All,

Thanks for that quick response! It helped a lot!