Ubuntu Manpage: chkwtmp - check wtmp-file for deleted entries

name
synopsis
description
files
see also
limitations

Provided by: chkrootkit_0.52-1ubuntu0.1_amd64

NAME

       chkwtmp - check wtmp-file for deleted entries

SYNOPSIS

       chkwtmp

DESCRIPTION

       Chkwtmp  examines the file /var/log/wtmp for entries with no information (containing only null-bytes). If
       such entries are found the program prints the time window  for  the  original  entry.  This  is  done  by
       displaying the timestamps of the wtmp-entry before and after the deleted entry.

       To  run chkwtmp you need read permission on the file /var/log/wtmp.  Normally this file is world-readable
       and no special privileges are required to run the checker.

FILES

       /var/log/wtmp       login data base

LIMITATIONS

       An entry is recognized as overwritten if the time-information has been overwritten with null-bytes.

       This program was designed to run on SunOS 4.x systems only. On other systems the output is undefined...

NAME

SYNOPSIS

DESCRIPTION

FILES

SEE ALSO

LIMITATIONS