GNU/Linux | Debian 4.0 (Etch) | chkwtmp(1)
chkwtmp − check wtmp-file for deleted entries
chkwtmp
Chkwtmp examines the file /var/adm/wtmp for entries with no information (containing only null-bytes). If such entries are found, the program prints the time window for the original entry by displaying the timestamps of the wtmp entries before and after the deleted entry.
To run chkwtmp you need read permission on the file /var/adm/wtmp. Normally this file is world-readable and no special privileges are required to run the checker.
/var/adm/wtmp    login data base
wtmp(4), who(1)
An entry is recognized as overwritten if the time-information has been overwritten with null-bytes.
This program was designed to run on SunOS 4.x systems only. On other systems the output is undefined...
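The check described above (treat a record as deleted when its time field is all null bytes, then report the timestamps of the records on either side), as an added Python example; it is not chkwtmp's own code. It assumes the 384-byte little-endian glibc `struct utmp` layout found on Linux rather than the SunOS 4.x layout chkwtmp targets, and `find_deleted`, `fmt`, `make_record` and the sample records are constructed for illustration.

```python
import struct
import sys
from datetime import datetime, timezone

# Assumption: Linux glibc `struct utmp`, 384 bytes, little-endian.
# chkwtmp itself targets the SunOS 4.x record layout, which differs.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
TV_SEC = 9  # position of ut_tv.tv_sec in the unpacked tuple

def find_deleted(data):
    """Return (first_index, count, ts_before, ts_after) for each run of
    records whose time field is zero; a missing neighbour is None."""
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    times = [UTMP.unpack_from(data, off)[TV_SEC]
             for off in range(0, usable, UTMP.size)]
    gaps, i = [], 0
    while i < len(times):
        if times[i] != 0:
            i += 1
            continue
        start = i
        while i < len(times) and times[i] == 0:
            i += 1
        before = times[start - 1] if start > 0 else None
        after = times[i] if i < len(times) else None
        gaps.append((start, i - start, before, after))
    return gaps

def fmt(ts):
    if ts is None:
        return "start/end of file"
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")

def make_record(user, line, ts):
    """Build one constructed USER_PROCESS (type 7) record for the demo."""
    return UTMP.pack(7, 1000, line, b"", user, b"", 0, 0, 0, ts, 0, 0, 0, 0, 0)

# Constructed sample: two logins with two null-byte records between them.
SAMPLE = (make_record(b"alice", b"pts/0", 1700000000)
          + bytes(2 * UTMP.size)
          + make_record(b"bob", b"pts/1", 1700003600))

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for start, count, before, after in find_deleted(data):
        print(f"{count} zeroed entries at record {start}: "
              f"between {fmt(before)} and {fmt(after)}")
```

Run without arguments it scans the constructed sample; given a path as the first argument it scans that file instead (on Linux the login record file is usually /var/log/wtmp).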