[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: wtmp repair - painless



Hi,

On Wed, 2002-12-18 at 11:54, i.t wrote:

> from reiserfs it`s known to happen quite often - wtmp may be corrupted;
> but actually I`m using only ext2/3 on the test machine.
> After 7 days running the RH8 system I`ve noticed the first corruption of wtmp.
> last shows only the line
> wtmp begins Wed Dec 11 09:14:52 2002

> |Sun Dec 15 14:36:34 2002
> ithum                           |:0                              |7|:0  
> |20487|136.46.1.64    |
> 
> I do not have any idea whether this unknown IP address may be a successful 
> hacker attack or not. 

Impossible to say from this --- is your system fully uptodate wrt.
errata?  Have you got it firewalled?

> Or is the corruption the fault of the ext3 filesystem?

Shouldn't be, I've never heard of ext3 corrupting wtmp before.

> Despite that I`d like to know if there is any way of painless repair of wtmp 
> (like wtmpfix on AIX, True64).
> Hexedit shows me a bit garbage (?), but my tries to repair the file have not 
> been successful until now.

The only easy way I know of is just to rotate the file out and
instantiate a new, empty wtmp file.

--Stephen





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]