Linux – last command fails – how to fix it so that it works again

lastlinux

The server is Ubuntu 11.10.

When I issue the "last" command from the command line, it gives the following output:

# last
last: read failed!

wtmp begins Fri Apr 18 15:47:48 2014

This I suspect is happening after a probable hacking attempt on the server, which we have dealt with now. But the "last" command continues not to work. I suspect the hacker disabled this command from working, so that they could cover their trails.

The question is why the command doesn't work and how do I get it fixed so that it works as intended?

Thanks for your expert insight.

Best Answer

This is due to corrupt wtmp or utmp files. As it is possible these got cleared and their permissions reset, I would backup the current ones and reset them. This can be done by cat /dev/null and directing output to the files.

The last command should pickup the new files upon reboot.

Related Solutions

Linux – How to run a command multiple times, using bash shell

I don't think a command or shell builtin for this exists, as it's a trivial subset of what the Bourne shell for loop is designed for and implementing a command like this yourself is therefore quite simple.

Per JimB's suggestion, use the Bash builtin for generating sequences:

for i in {1..10}; do command; done

For very old versions of bash, you can use the seq command:

for i in `seq 10`; do command; done

This iterates ten times executing command each time - it can be a pipe or a series of commands separated by ; or &&. You can use the $i variable to know which iteration you're in.

If you consider this one-liner a script and so for some unspecified (but perhaps valid) reason undesireable you can implement it as a command, perhaps something like this on your .bashrc (untested):

#function run
run() {
    number=$1
    shift
    for i in `seq $number`; do
      $@
    done
}

Usage:

run 10 command

Example:

run 5 echo 'Hello World!'

Linux – Getting login year data with the ‘last’ command on linux

man last
...
       -F     Print full login and logout times and dates.
...

So, use last -F

Best Answer

Related Solutions

Linux – How to run a command multiple times, using bash shell

Linux – Getting login year data with the ‘last’ command on linux

Related Topic