PDA

View Full Version : login hisotry



anitha2324
27th July 2008, 11:30 PM
Hi All,

as i know that who command displays the current logging users to the machine , but is there any command to keep the history of such logging users with their ips and date and time of logging ...

am newbie to linux

marko
27th July 2008, 11:40 PM
You want the last command

last -i

(-i shows the ip # instead of the hostname)

you can restrict the number of them with the -n arg

last -i -n 50

(show last 50)
or just for a particular user:

last user

anitha2324
7th August 2008, 11:14 PM
Hi thanks for your reply

last -i is working fine to list the user who logged in to the machine but what is the way to clear this list i mean what is the command to clear the entries of the last -i command


i have tried the command history -c but it works only to clean the entries of the history command


i have read the options of the last command but i did not find something to clean it .

so please help me to clean the last command .

marko
7th August 2008, 11:49 PM
There is no actual clean command for last, what will happen is that the logrotate service will eventually move the files that contains the last information to new filenames and then
create empty files in their places:

/var/log/wtmp --> /var/log/wtmp.1
/var/log/btmp --> /var/log/btmp.1

the btmp file is for "bad" login attempts and the good ones go in the wtmp file.

So after that, suddenly when you run last again, the output will be really short instead of the big long list since it will only have the logins since that rotation.

To modify this rotation (it sounds like you'd want to prevent it), you'd need to modify the /etc/logrotate.conf file and comment out or remove those two extra sections that Fedora has for rotating the btmp and wtmp files. You could turn off logrotate entirely but I doubt you want that since it rotates lots of other files?

Why do I suggest stopping logrotate? That's because it sounds like you want to control how far back the last command can show entries and if you don't stop the rotate, then someone can look at old logs by running last with the "-f" option with the older filename that got rotated.

last -f /var/log/wtmp.1

where logrotate put that ".1" on the end to move it out of the way, there might be older files yet like wtmp.2, etc

So to make this short you can clean the last command by doing as root user:

1)
cp /dev/null /var/log/wtmp
cp /dev/null /var/log/btmp

copying /dev/null onto a file effectively deletes its contents and leaves a 0 byte empty file of that name still there. You could just delete the files but I'm not sure how well last deals with the file being missing, it would probably say "No such file or directory".

and 2)
by disabling logrotate for those two files. You could put those two "cp" lines into a script and have the cron service run it occasionally.