Provided by: chkrootkit_0.55-4_amd64
chkwtmp - check wtmp file deleted entries
chkwtmp looks for data deleted from wtmp
chkwtmp examines the file /var/log/wtmp for entries which have been overwritten (containing only null-bytes). If such entries are found the program displays the timestamps of the entries before and after the deleted entry, providing an idea of when the entry was deleted. chkwtmp needs to be able to read /var/log/wtmp. Normally this file is world-readable so no special privileges are required.
/var/log/wtmp database of logins and logouts.
An entry is recognized as overwritten if the time-information has been overwritten with null-bytes. This program was originally designed to run on SunOS 4.x systems. On other systems the output is undefined. Oct 23, 2021 CHKWTMP(8)