On Mon, Jun 02, 2003 at 03:49:10PM +0100, Brough, Tom wrote: > wtmp by the way if you where wandering is the record of bad logins good for > checking for "forced" cracking, but also used by hackers (as sometimes > people put their password in the login field by mistake and this gets > recorded "plain text" in wtmp). Note also that wtmp and utmp are compressed, > there are some tools for viewing these files but I havent touched on them > for ages, I think they are part of the accounting package but dont quote me > on that one.
Note that wtmp and utmp are not compressed. Just do "man wtmp" to see the format. There are generally system tools to look through them, too, "last" being the most common. The man page for wtmp actually will give you all that information and more. One of my first professional C programs dug through wtmp on an Ultrix machine to bill people for usage. Michael -- Michael Darrin Chaney [EMAIL PROTECTED] http://www.michaelchaney.com/ -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
