If my aim is to delete IP 1.2.3.4 from:

/var/log/wtmp, /var/log/btmp, /var/log/lastlog

Which commands can I use on CentOS 6.7 64-bit Linux?

I see I can't delete it using sed as it is some binary file or such.

techraf
16851556
  • What a curious question! The first two things that come to mind are: trying to cover someone's tracks, or a homework/lab test to understand wtmp record formats. – Jeff Schaller Mar 05 '16 at 23:37
  • Another possibility came to mind -- are you trying to clean up after a large number of successful and/or failed login attempts? That would nudge me towards a file-rotation solution. – Jeff Schaller Mar 05 '16 at 23:40

1 Answer

Even though the reason you are asking this question doesn't sound kosher to me, I'd suggest you use your Google knowledge to look for a utility called wtmpclean. I will never imagine myself tampering with any critical system logs, but to each his own. Hence I have never tried using it, but I have seen it mentioned elsewhere.

Let me offer a piece of unsolicited advice:

  • if you are thinking of "hacking" some other person's system, DON'T! It never ends well.

  • if you have made a mistake at work and are trying to cover your tracks, worse than the case above. There are always watchers, watching the watchers. And you will find yourself in hot water in no time. Just own up to your mistake and make a statement why it happened and how you are going to prevent it from happening again. No reasonable supervisor will fire a sysadmin who owns up to his or her mistakes, unless this is a pattern. In which case, unfortunately, no tool will be of any help to you in the long term.

MelBurslan