filter/remove last login information.

 
sfgroups
Advisor

Hi all,

I have some questions about the /var/adm/wtmp file. My last command shows lots of logins for remshd with the root user.

1. Is there a way not to log remshd logins for this server?
2. How can I clear one-week-old login information from this file? Is there a script or config file available for this?

I am using HP-UX 11.11

Sample last command output:

root remshd Tue Mar 13 15:59 still logged in
root remshd Tue Mar 13 15:59 still logged in
root remshd Tue Mar 13 15:59 still logged in
root remshd Tue Mar 13 15:59 still logged in
root remshd Tue Mar 13 15:59 still logged in
root remshd Tue Mar 13 15:59 still logged in
root remshd Tue Mar 13 15:59 still logged in
root remshd Tue Mar 13 15:59 still logged in
root remshd Tue Mar 13 15:59 still logged in
root remshd Tue Mar 13 15:59 still logged in
root remshd Tue Mar 13 15:58 still logged in
root remshd Tue Mar 13 15:58 still logged in
root remshd Tue Mar 13 15:58 still logged in
root remshd Tue Mar 13 15:58 still logged in
root remshd Tue Mar 13 15:58 still logged in
root remshd Tue Mar 13 15:58 still logged in
root remshd Tue Mar 13 15:58 still logged in
root remshd Tue Mar 13 15:58 still logged in
root remshd Tue Mar 13 15:58 still logged in

thanks
SR
4 REPLIES
Sundar_7
Honored Contributor

Re: filter/remove last login information.

Add the -t option to the remshd entry in /etc/inetd.conf and run inetd -c. This will prevent remshd from logging the logins to /var/adm/wtmp.

There are a number of useful accounting scripts in the /usr/sbin/acct directory. Review them if you would like.

Sundar.
Learn What to do, How to do and more importantly When to do?
Fauziah Mahdan
Super Advisor

Re: filter/remove last login information.

I get the same output in my last.log file.
But remshd appears when I run the nickel command to my db server. Some lines have the time out time, but there are a few lines with the message still logged in.
Why, and how do I troubleshoot this?
Rasheed Tamton
Honored Contributor

Re: filter/remove last login information.

Hi SR,

For question 1, man remshd:

-t  This option disables remshd from logging client connections
    to the /var/adm/wtmp file when the client does not use a
    secondary stream

Specifically check about the Kerberos setup, if you have one.
The -t option is ineffective in a default Kerberos setup.

man 5 sis
(secure internet services)
----------------
1 - Make a backup copy of your wtmp to wtmp.bkp

2 - Here we are using the fwtmp tool to convert the binary wtmp.bkp to a text file (wtmp.txt). Be careful about the redirections.

/usr/lib/acct/fwtmp < wtmp.bkp > wtmp.txt

3 - Edit whatever you want in wtmp.txt

vi wtmp.txt

4 - Convert the modified wtmp.txt file back to the original wtmp

/usr/lib/acct/fwtmp -ic < wtmp.txt > wtmp

You are done.

Regards,
Rasheed Tamton.
Rasheed Tamton
Honored Contributor

Re: filter/remove last login information.

The second part is for your question No.2.

Regards,
Rasheed Tamton.
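
Added example, not part of any post in this thread: the fwtmp round trip described above for question 2, with step 3 done by an age filter instead of hand-editing in vi, and the untouched original kept as the .bkp copy. It assumes each line of fwtmp text output carries the record time as an all-digit epoch-seconds field; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample records are constructed.
# Assumption: every fwtmp text line carries the record time as an all-digit
# epoch-seconds field (9+ digits) ahead of the human-readable date.

# trim_wtmp_text CUTOFF_EPOCH
# stdin: fwtmp text; stdout: records whose time is >= CUTOFF_EPOCH.
# A line with no recognisable epoch field is kept, never silently dropped.
trim_wtmp_text() {
    awk -v cutoff="$1" '
    {
        ts = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+$/ && length($i) >= 9) { ts = $i; break }
        if (ts == "" || ts + 0 >= cutoff + 0) print
    }'
}

# trim_wtmp FILE CUTOFF_EPOCH
# Round trip with the fwtmp commands from the thread. FILE.bkp keeps the
# untouched original so the full login history stays available.
trim_wtmp() {
    cp -p "$1" "$1.bkp" || return 1
    /usr/lib/acct/fwtmp < "$1.bkp" | trim_wtmp_text "$2" > "$1.txt" || return 1
    /usr/lib/acct/fwtmp -ic < "$1.txt" > "$1"
}

# Constructed records in the general shape of fwtmp text output.
sample_wtmp_text() {
    cat <<'EOF'
root     rem  remshd    2101  7 0000 0000 1172743200 Mar  1 10:00:00 2007
root     rem  remshd    2102  8 0000 0000 1172743260 Mar  1 10:01:00 2007
root     rem  remshd    9410  7 0000 0000 1173801480 Mar 13 15:58:00 2007
root     rem  remshd    9411  7 0000 0000 1173801540 Mar 13 15:59:00 2007
EOF
}

# Demo: cutoff is one week before the newest sample record.
sample_wtmp_text | trim_wtmp_text 1173196740
```

Pass the cutoff as epoch seconds, for example the current time minus 604800 for one week, and compare the line counts of wtmp.bkp and the trimmed text before converting back.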