Q. How do I clear or remove last login information? I would like to clear all the login information. I am using Fedora Core 6 Linux.
A. /var/log/lastlog file stores user last login information. This is binary file. You need to use lastlog command to formats and prints the contents of the last login log /var/log/lastlog file.
Following information is printed using lastlog command:
=> The login-name
=> Port
=> Last login time
Task: Display last login information
Simply type lastlog:
$ lastlog
Output:
Username Port From Latest root tty1 Thu Jan 25 15:23:50 +0530 2007 daemon **Never logged in** bin **Never logged in** sys **Never logged in** sync **Never logged in** vivek tty1 Sat Jan 27 22:10:36 +0530 2007 pdnsd **Never logged in** sshd **Never logged in** messagebus **Never logged in** bind **Never logged in** sweta tty1 Sat Jan 27 19:55:22 +0530 2007
Note: If the user has never logged in the message "**Never logged in**" will be displayed instead of the port and time.
Task: Clear last login information
Simply overwrite /var/log/lastlog file. You must be the root user. First make a backup of /var/log/lastlog:
# cp /var/log/lastlog /root
Now overwrite file using any one of the following command:
# >/var/log/lastlog
OR
# cat > /var/log/lastlog
Press CTR+D
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012

- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop













{ 13 comments… read them below or add one }
maybe simpler:
sudo touch /var/log/lastlog ?
Daniel,
Touch command update the access and modification times of each FILE to the current time. So it will not empty the file.
If file is deleted, you can use touch command. Agin you need to run chmod to set correct permission:
sudo /bin/rm /var/log/lastlogsudo touch /var/log/lastlog
soud chown root:adm /var/log/lastlog
Lastlog will not have su information. Like user1 su to user2 this login information will not update the lastlog file. Is it possible to customize this to update su information also into lastlogin ? If yes please help me how to do this.
ln -sf /dev/null /var/log/lastlog
Even Simpler (to remove the contents of file /var/log/lastlog)
Type -
>/var/log/lastlog
Thatis it. File/Log everything is clear..
‘Course it works like a charm and is very simple, but how on earth do ik keep the file empty? On logon it gets updated en thus rewritten if “damaged”. Only Emcgfx’ method persists:
ln -sf /dev/null /var/log/lastlog
this is very good way to remove login info of user because
when user logins its info goes to the file /var/log/lastlog —> /dev/null
means data goes to /dev/null and this will be distroyed
That didn’t work for me on CentOS 5.2
I had a file named ‘wtmp’ (/var/log/wtmp?) that also needed emptying
You can keep any “file” clean and cleared using a link to /dev/null. If it is possible to replace the file with a link – and the process accessing it is capable of using the link instead of complaining – it will work.
Depending on your shell settings, you may have to replace:
>/var/log/lastlog
with:
>|/var/log/lastlog
Here is the thing.. if u delete the login details, you are logged into /var/log/messages.
If you delete the that in message and command history , that is again logged rite ? how do u stop this cycle ?
Hi,
The easiest way to hide the Last Login information from displaying is:
1. create an empty file namely “.hushlogin” in user’s Home directory. Remember that the file name starts with a dot. you can use the command:
touch .hushlogin
2. Logout and then again login with that username/password, you can see that now there is no more last login information appears.
Thanks.
Why would I ever need a backup of such creepy ass*ole file as lastlog?