Operating System - HP-UX
1833778 Members
2401 Online
110063 Solutions
New Discussion

Which process restart last/lastb ?

 
SOLVED
Go to solution
Dong-Hwan Cha
New Member

Which process restart last/lastb ?

Hi All,
I want to restart process which concern about last & lastb. But I don't know which process is concerned. If anybody know this, please let me know. In addition, explain the restart procedure.

Have a nice day!
6 REPLIES 6
Robert-Jan Goossens
Honored Contributor

Re: Which process restart last/lastb ?

Hi,

last, lastb - indicate last logins of users and ttys and are stored in the /var/adm/wtmp /var/adm/btmp files. If you would like to recreate them, they will have to be truncated.

# cp /dev/null /var/adm/wtmp
# cp /dev/null /var/adm/btmp

Hope this helps,
Robert-Jan
Dong-Hwan Cha
New Member

Re: Which process restart last/lastb ?

Thanks for your reply.
But I want to know more than you said.
I want to stop & start process which concern about last & lastb, not trucate file.
Is there any process which assosiated with last/lastb?

Thanks.
Michael Tully
Honored Contributor

Re: Which process restart last/lastb ?

There is no active daemon process as such that has these files in memory all the time. These are used when a user attempts logins whether good or bad.
The login process does all of this. Have a look at the login (1) man page.

One further item, make sure that you have PHNE_24829 loaded and follow the special intructions. It actually assists with not having wtmp/utmp files getting corrupted.
Anyone for a Mutiny ?
Robert-Jan Goossens
Honored Contributor

Re: Which process restart last/lastb ?

More info.

inetd is the process which controlles the login. This process is configured in the /etc/inetd.conf.

/var/adm/btmp
=============
If /var/adm/btmp exists, the login process updates it automatically whenever a bad login attempt occurs. To create this file, issue the command:

touch /var/adm/btmp

Note, you must be root to write to the /var directory.

Read the /var/adm/btmp file using the lastb command, to determine whether unauthorized users are attempting to login (see last(1) in the HP-UX Reference).
-------------------------------------------------------------------------
NOTE:
For security purposes, be sure /var/adm/btmp is not readable by users.
-------------------------------------------------------------------------
/var/adm/wtmp
=============

The login process automatically updates /var/adm/wtmp whenever a user
successfully logs in. Read this file using the last command (see last(1) in the HP-UX Reference).

Hope this helps,
Robert-Jan
Dong-Hwan Cha
New Member

Re: Which process restart last/lastb ?

When I ran 'last' command, following error occurred. So I thought there was any process related with this command.
If there was not process related with 'last' command, how can I fix this problem?

---------------------------------------
[/home/kernelia] last
Memory fault(coredump)
Robert-Jan Goossens
Honored Contributor
Solution

Re: Which process restart last/lastb ?

Typically, the last command will fail because either the /var/adm/btmp or /var/adm/wtmp file is corrupted. The following procedure will determine if
this is the cause and also determine which file is corrupted.

1. Make backup copies of the /var/adm/btmp and /var/adm/wtmp files.
# cp /var/adm/btmp /var/adm/btmp.old
# cp /var/adm/wtmp /var/adm/wtmp.old

2. Clear out the btmp and wtmp files.
# > /var/adm/btmp
# > /var/adm/wtmp

3. Try the last command to see if it still gives the errors.
# /usr/bin/last

4. If the command ran without a memory fault, then this indicates that the btmp
or wtmp was corrupt.

5. Copy the /var/adm/btmp.old to /var/adm/btmp.
# cp /var/adm/btmp.old /var/adm/btmp.

6. Run the last command again. If the command runs successfully, this indicates that the wtmp was corrupt. If it fails, this would indicate that the btmp file was corrupt.

7. Repeat steps 5 and 6 using the wtmp file. To test it for integrity.

8. Whichever file was corrupt and causing the problem should be cleard out as was done in step 2.

Regards.