Rebuilding wtmp
Kyle Mott
kyle at xraided.net
Mon Jul 12 17:09:33 PDT 2004
> -----Original Message-----
> From: aardvark [mailto:aardvark at saintaardvarkthecarpeted.com]
> Sent: Monday, July 12, 2004 4:40 PM
> To: Kyle Mott
> Cc: freebsd-questions at freebsd.org
> Subject: Re: Rebuilding wtmp
>
> Kyle Mott disturbed my sleep to write:
> > I read a few manpages and did some google'ing, and couldn't find much of
> > anything about rebuilding wtmp. I tried just moving wtmp to wtmp.old and
> > then doing 'touch wtmp', then logging out and back in, but it still
> > reads 31Dec69. Is there some way to fix this? Thanks all.
>
> It's possible that there's some process holding open wtmp. (You could
> check this by adding lsof ("list open files") from ports -- *very* handy
> to have around on general principle). If this is the case, probably
> the easiest way to fix things would be to rename the file, touch wtmp,
> then reboot.
>
Thanks for the lsof tip, though I couldn't find anything using wtmp.
I've tried rebooting with an empty wtmp plenty of times before, all to
no avail.

> Interestingly enough, a Google for "wtmp freebsd" turned up this message
> from the FreeBSD-Security list:
>
> http://archives.neohapsis.com/archives/freebsd/2001-07/0055.html
>
> which suggests "cp /dev/null /var/log/wtmp" to fix things -- at least on
> Solaris.
>
I tried this already, and it didn't work. On a system where I have a
good, uncorrupted version of wtmp, I can do 'mv wtmp wtmp.old && touch
wtmp', then log out and log back in, and it reports the dates fine. I can
also write a bunch of gibberish to wtmp (via /dev/random), and then
log out and back in, and it still reports the dates correctly. I'm just
confused.

-Kyle Mott

> I am now blessing your keyboard...
>
> --
> Saint Aardvark the Carpeted
> aardvark at saintaardvarkthecarpeted.com
> Because the plural of Anecdote is Myth.