The server is Ubuntu 11.10.
When I issue the "last" command from the command line, it gives the following output:
# last
last: read failed!
wtmp begins Fri Apr 18 15:47:48 2014
This I suspect is happening after a probable hacking attempt on the server, which we have dealt with now. But the "last" command continues not to work. I suspect the hacker disabled this command from working, so that they could cover their trails.
The question is why the command doesn't work and how do I get it fixed so that it works as intended?
Thanks for your expert insight.
Best Answer
This is due to corrupt
wtmp
orutmp
files. As it is possible these got cleared and their permissions reset, I would backup the current ones and reset them. This can be done bycat /dev/null
and directing output to the files.The
last
command should pickup the new files upon reboot.