chkwtmp (1)

Leading comments

Copyright (c) DFN-CERT, Univ. of Hamburg 1994

Univ. Hamburg, Dept. of Computer Science
DFN-CERT
Vogt-Koelln-Strasse 30
22527 Hamburg
Germany

@(#) $Header: chkwtmp.1,v

(The comments found at the beginning of the groff file "man1/chkwtmp.1".)

NAME

chkwtmp - check wtmp-file for deleted entries

SYNOPSIS

chkwtmp

DESCRIPTION

Chkwtmp examines the file /var/log/wtmp for entries with no information (containing only null-bytes). If such entries are found the program prints the time window for the original entry. This is done by displaying the timestamps of the wtmp-entry before and after the deleted entry.
To run chkwtmp you need read permission on the file /var/log/wtmp. Normally this file is world-readable and no special privileges are required to run the checker.

FILES

/var/log/wtmp

login data base

SEE ALSO

wtmp(4), who(1)

LIMITATIONS

An entry is recognized as overwritten if the time-information has been overwritten with null-bytes.
This program was designed to run on SunOS 4.x systems only. On other systems the output is undefined...