≡ Menu

Linux Remove or Clear the Last Login Information

I am a Fedora Linux user (SysAdmin) and I would like to clear all the login information. How do I clear or remove last login information on Linux operating systems?

The /var/log/lastlog file stores user last login information. This is binary file and act as database times of previous user logins. You need to use lastlog command to formats and prints the contents of the last login log /var/log/lastlog file.
Tutorial details
DifficultyEasy (rss)
Root privilegesYes
RequirementsNone
Estimated completion time1m

lastlog command

The lastlog command shows the most recent login of all users or of a given user. The Following information is printed using lastlog command:

=> The login-name

=> Port

=> Last login time

Task: Display last login information

Simply type the lastlog command :
$ lastlog
Sample outputs:

Username         Port     From             Latest
root             tty1                      Thu Jan 25 15:23:50 +0530 2007
daemon                                     **Never logged in**
bin                                        **Never logged in**
sys                                        **Never logged in**
sync                                       **Never logged in**
vivek            tty1                      Sat Jan 27 22:10:36 +0530 2007
pdnsd                                      **Never logged in**
sshd                                       **Never logged in**
messagebus                                 **Never logged in**
bind                                       **Never logged in**
sweta           tty1                      Sat Jan 27 19:55:22 +0530 2007

Note: If the user has never logged in the message "**Never logged in**" will be displayed instead of the port and time.

Task: Clear last login information by deleting /var/log/lastlog

Simply overwrite /var/log/lastlog file. You must be the root user. First make a backup of /var/log/lastlog:
# cp /var/log/lastlog /root
Now overwrite file using any one of the following command:
# >/var/log/lastlog
OR
# cat > /var/log/lastlog

Press CTR+D to save the changes.

last and lastb commands

Use last or lastb command to display listing of last logged in users:
$ last
OR
$ lastb
Sample outputs:

root     pts/1        10.1.6.120       Tue Jan  7 16:43   still logged in
root     pts/0        10.1.6.120       Tue Jan  7 15:52   still logged in
root     pts/0        10.1.6.120       Tue Jan  7 11:20 - 15:07  (03:47)
root     pts/1        10.1.6.120       Tue Jan  7 07:07 - 09:50  (02:43)
root     pts/0        10.1.6.120       Tue Jan  7 05:00 - 07:22  (02:21)
root     pts/0        10.1.6.120       Mon Jan  6 14:16 - 16:36  (02:20)
root     pts/0        10.1.6.120       Sun Jan  5 16:37 - 17:01  (00:23)
root     pts/0        10.1.6.120       Sun Jan  5 15:12 - 15:39  (00:26)
root     pts/0        10.1.6.120       Sun Jan  5 14:45 - 15:05  (00:20)
root     pts/2        10.1.6.120       Sun Jan  5 12:53 - 15:46  (02:53)
root     pts/0        10.1.6.120       Sun Jan  5 12:52 - 12:53  (00:00)
root     pts/1        10.1.6.120       Sun Jan  5 11:09 - 14:29  (03:20)
root     pts/0        10.1.6.120       Sun Jan  5 10:05 - 12:19  (02:14)
reboot   system boot  2.6.32-431.3.1.e Sun Jan  5 10:02 - 16:48 (2+06:46)
root     pts/0        10.1.6.120       Sun Jan  5 09:58 - down   (00:00)
root     pts/0        10.1.6.120       Sun Jan  5 03:33 - 05:45  (02:12)
root     pts/1        10.1.6.120       Sat Jan  4 15:06 - 17:28  (02:21)
root     pts/0        10.1.6.120       Sat Jan  4 13:46 - 15:58  (02:11)
root     pts/0        10.1.6.120       Sat Jan  4 05:05 - 07:16  (02:11)
root     pts/1        10.1.6.120       Fri Jan  3 14:29 - 15:44  (01:15)
root     pts/0        10.1.6.120       Fri Jan  3 13:20 - 15:32  (02:11)
root     pts/0        10.1.6.120       Thu Jan  2 05:19 - 05:32  (00:13)
root     pts/0        10.1.6.120       Tue Dec 31 13:57 - 16:06  (02:09)
wtmp begins Tue Dec 31 13:57:23 2013

last and lastb use /var/log/wtmp and /var/log/btmp files to log information. You can use the following command to clear wtmp/btmp:
# >/var/log/wtmp
# >/var/log/btmp

For more information see man pages - lastlog(8), last(1), login(1), wtmp(5)

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 14 comments… add one }

  • Daniel K January 29, 2007, 7:17 am

    maybe simpler:

    sudo touch /var/log/lastlog ?

  • nixCraft January 29, 2007, 3:07 pm

    Daniel,

    Touch command update the access and modification times of each FILE to the current time. So it will not empty the file.

    If file is deleted, you can use touch command. Agin you need to run chmod to set correct permission:

    sudo /bin/rm /var/log/lastlog
    sudo touch /var/log/lastlog
    soud chown root:adm /var/log/lastlog

  • Vasudeva May 2, 2008, 3:34 pm

    Lastlog will not have su information. Like user1 su to user2 this login information will not update the lastlog file. Is it possible to customize this to update su information also into lastlogin ? If yes please help me how to do this.

  • emcgfx September 1, 2008, 8:18 am

    ln -sf /dev/null /var/log/lastlog

  • Amit Verma February 2, 2009, 12:04 pm

    Even Simpler (to remove the contents of file /var/log/lastlog)
    Type –

    >/var/log/lastlog

    Thatis it. File/Log everything is clear..

  • Schop March 16, 2009, 6:36 pm

    ‘Course it works like a charm and is very simple, but how on earth do ik keep the file empty? On logon it gets updated en thus rewritten if “damaged”. Only Emcgfx’ method persists:

    09.01.08 at 8:18 am
    # ln -sf /dev/null /var/log/lastlog

  • choyal July 14, 2009, 3:29 am

    ln -sf /dev/null /var/log/lastlog

    this is very good way to remove login info of user because
    when user logins its info goes to the file /var/log/lastlog —> /dev/null
    means data goes to /dev/null and this will be distroyed

  • Me September 18, 2009, 4:43 pm

    That didn’t work for me on CentOS 5.2

    I had a file named ‘wtmp’ (/var/log/wtmp?) that also needed emptying

  • Schop September 18, 2009, 7:01 pm

    You can keep any “file” clean and cleared using a link to /dev/null. If it is possible to replace the file with a link – and the process accessing it is capable of using the link instead of complaining – it will work.

  • Steven April 23, 2010, 7:30 pm

    Depending on your shell settings, you may have to replace:
    >/var/log/lastlog
    with:
    >|/var/log/lastlog

  • qweeak September 10, 2011, 8:55 pm

    Here is the thing.. if u delete the login details, you are logged into /var/log/messages.
    If you delete the that in message and command history , that is again logged rite ? how do u stop this cycle ?

    • Shakeel Ahmed April 6, 2012, 7:52 am

      Hi,

      The easiest way to hide the Last Login information from displaying is:

      1. create an empty file namely “.hushlogin” in user’s Home directory. Remember that the file name starts with a dot. you can use the command:

      touch .hushlogin

      2. Logout and then again login with that username/password, you can see that now there is no more last login information appears.

      Thanks.

  • Earl Fox July 9, 2012, 2:12 pm

    Why would I ever need a backup of such creepy ass*ole file as lastlog?

  • Raphael September 3, 2013, 12:29 pm

    Rather than
    # cat > /var/log/lastlog

    …and then having to press ^D (maybe confusing for the inexperienced).

    You could always do:

    # cat /dev/null > /var/log/lastlog

    No control-D pressing required.

    R

Leave a Comment