In Linux and Unix operating systems, the “last” command displays the history of user logins and logouts, and the “lastb” command displays all bad login attempts. Login history is saved in the wtmp file, while failed login attempts are stored in the btmp file; both files are usually located in the /var/log directory.
Information is logged to wtmp and btmp continuously, which can make both files grow to a very large size. This is especially true of btmp, which logs failed login attempts: if the administrator has not disabled FTP or SSH password authentication and the server is under a brute-force attack, every wrong user name or incorrect password is logged to btmp.
In addition, an administrator may want to clear the login history once in a while. Or a system that is running low on disk space on /var may need to purge wtmp and btmp to reclaim some disk space.
In any case, the proper way to clear and reset the wtmp and btmp files is to redirect empty input into the file, overwriting all existing content. The command has the following syntax:
cat /dev/null > /var/log/wtmp
or, on some systems, simply like below:
Note: Change the path and file name (i.e. btmp) accordingly.
The above commands empty the content of the btmp or wtmp file, allowing new information to be logged afresh. The file itself is not deleted and is left intact, because the btmp and wtmp files are not recreated when they are not found. The system only logs information into these files if they are present.
Tip: If you have already deleted the wtmp and btmp files, just re-create them with the touch command and assign the proper permissions (-rw-rw-r-- root utmp for wtmp, or -rw------- root utmp for btmp); otherwise the error “Excess permission or bad ownership on file /var/log/btmp or /var/log/wtmp” may occur.
Note that there may be files named wtmp.1, wtmp.2, wtmp.3, wtmp.4, btmp.1, btmp.2, btmp.3, btmp.4, which are the backup archives and can be safely removed.
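The truncate-in-place step and the re-creation tip above can be combined into one helper. This is an added example, not code from the original article: the function name reset_login_log, the optional archive directory and the example path in the comments are assumptions, while the modes and the root:utmp ownership are the ones given in the tip.

```shell
#!/bin/sh
# Added example: reset_login_log is a hypothetical helper, not from the article.
# Usage: reset_login_log FILE MODE [ARCHIVE_DIR]
#   MODE is used only when FILE has to be re-created:
#   664 (-rw-rw-r--) for wtmp, 600 (-rw-------) for btmp, as in the tip above.
reset_login_log() {
    log=$1
    mode=$2
    archive_dir=${3:-}   # optional; an assumption of this example

    if [ -e "$log" ]; then
        # Keep a copy first so the records stay readable with "last -f".
        if [ -n "$archive_dir" ] && [ -s "$log" ]; then
            stamp=$(date +%Y%m%d%H%M%S)
            cp -p "$log" "$archive_dir/$(basename "$log").$stamp" || return 1
        fi
        # Truncate in place: same effect as "cat /dev/null > FILE".
        # The inode, owner and mode are untouched, so logging continues.
        : > "$log" || return 1
    else
        # File was deleted: re-create it empty, then set the mode.
        ( umask 077; : > "$log" ) || return 1
        chmod "$mode" "$log" || return 1
        # Ownership root:utmp can only be set by root.
        if [ "$(id -u)" -eq 0 ]; then
            chown root:utmp "$log" 2>/dev/null ||
                echo "warning: could not chown $log to root:utmp" >&2
        fi
    fi
}

# Run only when arguments are given, e.g. (constructed path):
#   sh reset_login_log.sh /var/log/btmp 600 /root/login-archive
if [ "$#" -ge 2 ]; then
    reset_login_log "$@"
fi
```

Passing an archive directory keeps a timestamped copy of the old records before the file is emptied, which preserves the failed-login history for later review while still reclaiming space in /var/log.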