HPE Community
Operating System - HP-UX
1833199 Members
3103 Online
110051 Solutions
New Discussion

How to purge btmp&wtmp under /var/adm?

 
ericfjchen
Regular Advisor

‎01-23-2005 05:40 PM

‎01-23-2005 05:40 PM

How to purge btmp&wtmp under /var/adm?

Can we do '>btmp'?
0 Kudos
Reply
8 REPLIES 8
ericfjchen
Regular Advisor

‎01-23-2005 05:41 PM

‎01-23-2005 05:41 PM

Re: How to purge btmp&wtmp under /var/adm?

It is HP-UX 10.20.
0 Kudos
Reply
Indira Aramandla
Honored Contributor

‎01-23-2005 07:00 PM

‎01-23-2005 07:00 PM

Re: How to purge btmp&wtmp under /var/adm?

Hi Eric,

File btmp contains bad login entries for each invalid logon attempt. File wtmp contains a record of all logins and logouts.

wtmp and btmp tend to grow without bound, and should be checked regularly. Information that is no longer useful should be removed periodically to prevent it from becoming too large.

You can use sam to trim the logs. Sam--àRoutine Tasks---àSystem Log Files-----select /var/adm/wtmp and /var/admbtmp then from Action menu select trim to zero.

Note:- If these files are removed, record-keeping is turned off. Before triming the logs if you want to make a record of the incorrect / bad logins you can use fwtmp which reads from the wtmp file converting binary records to formatted ASCII records.

Indir
Never give up, Keep Trying
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

‎01-23-2005 07:13 PM

‎01-23-2005 07:13 PM

Re: How to purge btmp&wtmp under /var/adm?

hi,

as Indira mentioned above, unless you want to keep the information contained in these files, you may trim them to zero.

you can also do:
cat /dev/null > /var/adm/btmp

hope this helps!

regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
Fred Ruffet
Honored Contributor

‎01-23-2005 07:22 PM

‎01-23-2005 07:22 PM

Re: How to purge btmp&wtmp under /var/adm?

"man runacct" and "man 1M acct" should be a good start. Rather than losing accounting information, you can log it.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
0 Kudos
Reply
Jannik
Honored Contributor

‎01-23-2005 07:49 PM

‎01-23-2005 07:49 PM

Re: How to purge btmp&wtmp under /var/adm?

Hey,

When the file i becomming to big, I usally make a bakup of the file and then:
/usr/sbin/acct/fwtmp < /var/adm/btmp > /var/tmp/btmp.tmp
tail -n -2048 /var/tmp/btmp.tmp >/var/tmp/btmp.tmp1
/usr/sbin/acct/fwtmp -ic < /var/tmp/btmp.tmp1 > /var/adm/btmp

This will keep the most resent data. The commad lastb is the one using btmp, often you are able to see password of other users in the file, but thats another story, but make sure only root is able to read/write the file:
-rw------- 1 root other 1024 Dec 30 14:36 btmp
jaton
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎01-24-2005 03:39 AM

‎01-24-2005 03:39 AM

Re: How to purge btmp&wtmp under /var/adm?

The safest thing to do is run accounting, which will re-create these files. This includes fixing permissions and corruptions that can occur with these files.

It's actually a great practice, though under utilized, to run system accounting. Read the man pages for runacct for more information.

Basics:
/usr/sbin/acct/turnacct on

vi /etc/acct/holidays
# Make sure the year is correct

/usr/sbin/acct/runacct

If you do not plan to maintain accounting then run:
/usr/sbin/acct/turnacct off

If you plan to maintain system accounting, vi /etc/rc.config.d/acct and set the variable to 1 so that accounting starts at system boot.

Regards,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎01-24-2005 06:56 AM

‎01-24-2005 06:56 AM

Re: How to purge btmp&wtmp under /var/adm?

Sure - you can do a

> btmp

or cp /dev/null > btmp

Or use sam

Tip:
Want to know what SAM does?
Run '/usr/sam/bin/samlog_viewer' and see what commands SAM ran.
Or you can 'view' /var/sam/log/samlog to search for yourself.


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎01-24-2005 06:59 AM

‎01-24-2005 06:59 AM

Re: How to purge btmp&wtmp under /var/adm?

Another thing you can do is, install logrotate:

http://hpux.ee.ualberta.ca/hppd/hpux/Sysadmin/logrotate-2.5/

# cat logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 5

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/adm/wtmp {
monthly
create 0664 adm adm
rotate 1
}

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.