Linux Remove or Clear the Last Login Information

by on January 27, 2007 · 14 comments· LAST UPDATED January 7, 2014

in , ,

I am a Fedora Linux user (SysAdmin) and I would like to clear all the login information. How do I clear or remove last login information on Linux operating systems?

The /var/log/lastlog file stores user last login information. This is binary file and act as database times of previous user logins. You need to use lastlog command to formats and prints the contents of the last login log /var/log/lastlog file.
Tutorial details
DifficultyEasy (rss)
Root privilegesYes
RequirementsNone
Estimated completion time1m

lastlog command

The lastlog command shows the most recent login of all users or of a given user. The Following information is printed using lastlog command:

=> The login-name

=> Port

=> Last login time

Task: Display last login information

Simply type the lastlog command :
$ lastlog
Sample outputs:

Username         Port     From             Latest
root             tty1                      Thu Jan 25 15:23:50 +0530 2007
daemon                                     **Never logged in**
bin                                        **Never logged in**
sys                                        **Never logged in**
sync                                       **Never logged in**
vivek            tty1                      Sat Jan 27 22:10:36 +0530 2007
pdnsd                                      **Never logged in**
sshd                                       **Never logged in**
messagebus                                 **Never logged in**
bind                                       **Never logged in**
sweta           tty1                      Sat Jan 27 19:55:22 +0530 2007

Note: If the user has never logged in the message "**Never logged in**" will be displayed instead of the port and time.

Task: Clear last login information by deleting /var/log/lastlog

Simply overwrite /var/log/lastlog file. You must be the root user. First make a backup of /var/log/lastlog:
# cp /var/log/lastlog /root
Now overwrite file using any one of the following command:
# >/var/log/lastlog
OR
# cat > /var/log/lastlog

Press CTR+D to save the changes.

last and lastb commands

Use last or lastb command to display listing of last logged in users:
$ last
OR
$ lastb
Sample outputs:

root     pts/1        10.1.6.120       Tue Jan  7 16:43   still logged in
root     pts/0        10.1.6.120       Tue Jan  7 15:52   still logged in
root     pts/0        10.1.6.120       Tue Jan  7 11:20 - 15:07  (03:47)
root     pts/1        10.1.6.120       Tue Jan  7 07:07 - 09:50  (02:43)
root     pts/0        10.1.6.120       Tue Jan  7 05:00 - 07:22  (02:21)
root     pts/0        10.1.6.120       Mon Jan  6 14:16 - 16:36  (02:20)
root     pts/0        10.1.6.120       Sun Jan  5 16:37 - 17:01  (00:23)
root     pts/0        10.1.6.120       Sun Jan  5 15:12 - 15:39  (00:26)
root     pts/0        10.1.6.120       Sun Jan  5 14:45 - 15:05  (00:20)
root     pts/2        10.1.6.120       Sun Jan  5 12:53 - 15:46  (02:53)
root     pts/0        10.1.6.120       Sun Jan  5 12:52 - 12:53  (00:00)
root     pts/1        10.1.6.120       Sun Jan  5 11:09 - 14:29  (03:20)
root     pts/0        10.1.6.120       Sun Jan  5 10:05 - 12:19  (02:14)
reboot   system boot  2.6.32-431.3.1.e Sun Jan  5 10:02 - 16:48 (2+06:46)
root     pts/0        10.1.6.120       Sun Jan  5 09:58 - down   (00:00)
root     pts/0        10.1.6.120       Sun Jan  5 03:33 - 05:45  (02:12)
root     pts/1        10.1.6.120       Sat Jan  4 15:06 - 17:28  (02:21)
root     pts/0        10.1.6.120       Sat Jan  4 13:46 - 15:58  (02:11)
root     pts/0        10.1.6.120       Sat Jan  4 05:05 - 07:16  (02:11)
root     pts/1        10.1.6.120       Fri Jan  3 14:29 - 15:44  (01:15)
root     pts/0        10.1.6.120       Fri Jan  3 13:20 - 15:32  (02:11)
root     pts/0        10.1.6.120       Thu Jan  2 05:19 - 05:32  (00:13)
root     pts/0        10.1.6.120       Tue Dec 31 13:57 - 16:06  (02:09)
wtmp begins Tue Dec 31 13:57:23 2013

last and lastb use /var/log/wtmp and /var/log/btmp files to log information. You can use the following command to clear wtmp/btmp:
# >/var/log/wtmp
# >/var/log/btmp

For more information see man pages - lastlog(8), last(1), login(1), wtmp(5)

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 14 comments… read them below or add one }

1 Daniel K January 29, 2007 at 7:17 am

maybe simpler:

sudo touch /var/log/lastlog ?

Reply

2 nixCraft January 29, 2007 at 3:07 pm

Daniel,

Touch command update the access and modification times of each FILE to the current time. So it will not empty the file.

If file is deleted, you can use touch command. Agin you need to run chmod to set correct permission:

sudo /bin/rm /var/log/lastlog
sudo touch /var/log/lastlog
soud chown root:adm /var/log/lastlog

Reply

3 Vasudeva May 2, 2008 at 3:34 pm

Lastlog will not have su information. Like user1 su to user2 this login information will not update the lastlog file. Is it possible to customize this to update su information also into lastlogin ? If yes please help me how to do this.

Reply

4 emcgfx September 1, 2008 at 8:18 am

ln -sf /dev/null /var/log/lastlog

Reply

5 Amit Verma February 2, 2009 at 12:04 pm

Even Simpler (to remove the contents of file /var/log/lastlog)
Type -

>/var/log/lastlog

Thatis it. File/Log everything is clear..

Reply

6 Schop March 16, 2009 at 6:36 pm

‘Course it works like a charm and is very simple, but how on earth do ik keep the file empty? On logon it gets updated en thus rewritten if “damaged”. Only Emcgfx’ method persists:

09.01.08 at 8:18 am
# ln -sf /dev/null /var/log/lastlog

Reply

7 choyal July 14, 2009 at 3:29 am

ln -sf /dev/null /var/log/lastlog

this is very good way to remove login info of user because
when user logins its info goes to the file /var/log/lastlog —> /dev/null
means data goes to /dev/null and this will be distroyed

Reply

8 Me September 18, 2009 at 4:43 pm

That didn’t work for me on CentOS 5.2

I had a file named ‘wtmp’ (/var/log/wtmp?) that also needed emptying

Reply

9 Schop September 18, 2009 at 7:01 pm

You can keep any “file” clean and cleared using a link to /dev/null. If it is possible to replace the file with a link – and the process accessing it is capable of using the link instead of complaining – it will work.

Reply

10 Steven April 23, 2010 at 7:30 pm

Depending on your shell settings, you may have to replace:
>/var/log/lastlog
with:
>|/var/log/lastlog

Reply

11 qweeak September 10, 2011 at 8:55 pm

Here is the thing.. if u delete the login details, you are logged into /var/log/messages.
If you delete the that in message and command history , that is again logged rite ? how do u stop this cycle ?

Reply

12 Shakeel Ahmed April 6, 2012 at 7:52 am

Hi,

The easiest way to hide the Last Login information from displaying is:

1. create an empty file namely “.hushlogin” in user’s Home directory. Remember that the file name starts with a dot. you can use the command:

touch .hushlogin

2. Logout and then again login with that username/password, you can see that now there is no more last login information appears.

Thanks.

Reply

13 Earl Fox July 9, 2012 at 2:12 pm

Why would I ever need a backup of such creepy ass*ole file as lastlog?

Reply

14 Raphael September 3, 2013 at 12:29 pm

Rather than
# cat > /var/log/lastlog

…and then having to press ^D (maybe confusing for the inexperienced).

You could always do:

# cat /dev/null > /var/log/lastlog

No control-D pressing required.

R

Reply

Leave a Comment

Tagged as: , , , , ,

Previous Faq:

Next Faq: