Q. How do I clear or remove last login information? I would like to clear all the login information. I am using Fedora Core 6 Linux.
A. /var/log/lastlog file stores user last login information. This is binary file. You need to use lastlog command to formats and prints the contents of the last login log /var/log/lastlog file.
Following information is printed using lastlog command:
=> The login-name
=> Port
=> Last login time
Task: Display last login information
Simply type lastlog:
$ lastlog
Output:
Username Port From Latest root tty1 Thu Jan 25 15:23:50 +0530 2007 daemon **Never logged in** bin **Never logged in** sys **Never logged in** sync **Never logged in** vivek tty1 Sat Jan 27 22:10:36 +0530 2007 pdnsd **Never logged in** sshd **Never logged in** messagebus **Never logged in** bind **Never logged in** sweta tty1 Sat Jan 27 19:55:22 +0530 2007
Note: If the user has never logged in the message "**Never logged in**" will be displayed instead of the port and time.
Task: Clear last login information
Simply overwrite /var/log/lastlog file. You must be the root user. First make a backup of /var/log/lastlog:
# cp /var/log/lastlog /root
Now overwrite file using any one of the following command:
# >/var/log/lastlog
OR
# cat > /var/log/lastlog
Press CTR+D
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -
{ 11 comments… read them below or add one }
maybe simpler:
sudo touch /var/log/lastlog ?
Daniel,
Touch command update the access and modification times of each FILE to the current time. So it will not empty the file.
If file is deleted, you can use touch command. Agin you need to run chmod to set correct permission:
sudo /bin/rm /var/log/lastlogsudo touch /var/log/lastlog
soud chown root:adm /var/log/lastlog
Lastlog will not have su information. Like user1 su to user2 this login information will not update the lastlog file. Is it possible to customize this to update su information also into lastlogin ? If yes please help me how to do this.
ln -sf /dev/null /var/log/lastlog
Even Simpler (to remove the contents of file /var/log/lastlog)
Type -
>/var/log/lastlog
Thatis it. File/Log everything is clear..
‘Course it works like a charm and is very simple, but how on earth do ik keep the file empty? On logon it gets updated en thus rewritten if “damaged”. Only Emcgfx’ method persists:
ln -sf /dev/null /var/log/lastlog
this is very good way to remove login info of user because
when user logins its info goes to the file /var/log/lastlog —> /dev/null
means data goes to /dev/null and this will be distroyed
That didn’t work for me on CentOS 5.2
I had a file named ‘wtmp’ (/var/log/wtmp?) that also needed emptying
You can keep any “file” clean and cleared using a link to /dev/null. If it is possible to replace the file with a link – and the process accessing it is capable of using the link instead of complaining – it will work.
Depending on your shell settings, you may have to replace:
>/var/log/lastlog
with:
>|/var/log/lastlog
Here is the thing.. if u delete the login details, you are logged into /var/log/messages.
If you delete the that in message and command history , that is again logged rite ? how do u stop this cycle ?