04-17-2005 12:59 PM
04-17-2005 01:30 PM
# cp /var/adm/wtmp /var/adm/wtmp.old
# cp /var/adm/btmp /var/adm/btmp.old
# cat /dev/null > /var/adm/wtmp
# cat /dev/null > /var/adm/btmp
Make sure you protect wtmp.old and btmp.old with permission mode 600.
Please note the permissions on /var/adm/btmp should be 600 so that normal users cannot see failed login attempts and find out other people's passwords.
04-17-2005 02:15 PM
You can simply cp /dev/null to the files.
04-17-2005 02:39 PM
File btmp contains bad login entries for each invalid logon attempt. File wtmp contains a record of all logins and logouts.
If you want to trim / clear the logs then make a record of the bad / incorrect logins and then trim the logs using fwtmp.
fwtmp reads from the standard input and writes to the standard output, converting binary records of the type found in wtmp to formatted ASCII records. The ASCII version is useful to enable editing, via ed(1), bad records or general purpose maintenance of the file.
You can use sam to trim the logs. Sam -> Routine Tasks -> System Log Files -> select /var/adm/wtmp and /var/adm/btmp, then from the Action menu select trim to zero.
Note: wtmp and btmp are not created by the programs that maintain them. Thus, if these files are removed, record-keeping is turned off.
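Added example, not part of any post in this thread: a POSIX sh function that combines the advice above by archiving the file with mode 600, verifying the copy, and truncating in place instead of removing the file. The function name `trim_login_log`, its return codes and the timestamped archive name are assumptions made for illustration; the fwtmp step runs only if fwtmp is found on PATH.

```shell
#!/bin/sh
# trim_login_log FILE ARCHIVE_DIR   (hypothetical helper, not an HP-UX tool)
# Prints the archive path. Returns 1 if FILE is missing, 2 if archiving failed.
trim_login_log() {
    log=$1
    dir=$2
    # Do not create a missing wtmp/btmp: the maintaining programs never create
    # them, so an absent file means record-keeping was turned off on purpose.
    [ -f "$log" ] || return 1

    archive="$dir/$(basename "$log").$(date +%Y%m%d%H%M%S)"

    # umask 077 in a subshell: the copy is created with mode 600, so there is
    # no window in which other users can read failed-login records.
    ( umask 077 && cp "$log" "$archive" ) || return 2
    chmod 600 "$archive" || return 2

    # Verify the copy before discarding the original records. If a login was
    # appended in between, this fails and nothing is truncated.
    cmp -s "$log" "$archive" || return 2

    # Keep an ASCII copy as well when fwtmp is available (binary in, text out).
    if command -v fwtmp >/dev/null 2>&1; then
        ( umask 077 && fwtmp < "$archive" > "$archive.txt" ) || rm -f "$archive.txt"
    fi

    # Truncate in place: the file itself stays, so logging continues.
    : > "$log" || return 2
    case $(basename "$log") in
        btmp) chmod 600 "$log" ;;   # mode recommended in the thread for btmp
    esac
    printf '%s\n' "$archive"
}

# Demo on a constructed file (not a real btmp), so it runs on any system.
demo=$(mktemp -d)
printf 'constructed failed-login record\n' > "$demo/btmp"
trim_login_log "$demo/btmp" "$demo" && ls -l "$demo"
rm -rf "$demo"
```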