LinuxQuestions.org

Robert G 05-24-2011 01:49 PM

How do you clear reboot history?
 
I don't mind a few lines of reboots, but this is getting rather long:

Last login: Tue May 24 11:24:31 2011
Rebooted at 10:14AM 03/25/10 2.6.18-164.el5
Rebooted at 11:13AM 04/22/10 2.6.18-164.el5
Rebooted at 10:54AM 06/01/10 2.6.18-164.el5
Rebooted at 16:19PM 08/12/10 2.6.18-164.el5
Rebooted at 17:02PM 08/16/10 2.6.18-164.el5
Rebooted at 10:38AM 08/19/10 2.6.18-164.el5
Rebooted at 10:46AM 10/05/10 2.6.18-164.el5
Rebooted at 13:21PM 11/11/10 2.6.18-164.el5
Rebooted at 17:35PM 12/15/10 2.6.18-164.el5
Rebooted at 18:55PM 02/16/11 2.6.18-164.el5
Rebooted at 14:01PM 02/17/11 2.6.18-164.el5
Rebooted at 14:27PM 02/21/11 2.6.18-164.el5
Rebooted at 10:57AM 05/23/11 2.6.18-164.el5
Rebooted at 11:05AM 05/23/11 2.6.18-164.el5

How can I clear (or reduce) the history that comes up when I ssh to my host?

macemoneta 05-24-2011 02:46 PM

You can just change the 'last reboot' in your profile to specify the number of entries you want to see. For example, 'last -n3 reboot'. You can change your /etc/logrotate.conf to reduce the rotation interval for /var/log/wtmp, if you just want to keep less data.

Robert G 05-24-2011 03:28 PM

Thank you, but need more information. Where do I change 'last reboot' in my profile?

T3RM1NVT0R 05-24-2011 03:43 PM

Hi there,

You can run the following commands to clear up the history:

mv /var/log/wtmp /var/log/wtmp.old && touch /var/log/wtmp

Remember, this will clear up all history because you are renaming the file (wtmp is the file used to log reboot, login, etc. history) using the above command and at the same time you are creating a new one for future logging.

chown root.utmp /var/log/wtmp && chmod 664 /var/log/wtmp

The above command will change the ownership to root and the group assignment to utmp for logging, and at the same time assign rw-rw-r-- permissions on /var/log/wtmp.

I hope this helps.

macemoneta 05-24-2011 03:50 PM

Quote:

Originally Posted by Robert G (Post 4365973)
Thank you, but need more information. Where do I change 'last reboot' in my profile?

Most distributions don't list the last reboot. If you or someone you know didn't add it, you'll need to look around to see where it was added. The possible locations vary with the shell. If you're using bash, then check:

~/.bashrc
~/.bash_profile
/etc/bashrc
/etc/profile
and the files in /etc/profile.d/

Robert G 05-24-2011 04:31 PM

Thanks guys, but... Could not grep 'last reboot' (or variations) anywhere in those listed files (yes, using bash). And, followed T3RM1NVT0R's advice, but it didn't fix it.

my.desktop% ls -ltr wtmp*
-rw-rw-r-- 1 root utmp 812160 May 24 13:21 wtmp.old
-rw-rw-r-- 1 root utmp 1536 May 24 14:24 wtmp

Still getting the entire list of reboots when I ssh to my host. (using PuTTY btw) This is a corporate Linux host. Can it be controlled by corporate policies?

hmmm, anything else I can try?

T3RM1NVT0R 05-24-2011 04:54 PM

Hi Robert,

Well, doing ssh via PuTTY should not be an issue.

I tried it once again on my RHEL and Linux Mint system and it worked perfectly fine. You can give it a try by breaking down the commands. Run them in the following sequence and see if you still get the message:

1. mv /var/log/wtmp /var/log/wtmp.old
2. ls -l /var/log | grep wtmp (just to make sure that the file has been renamed)
3. touch /var/log/wtmp
4. chown root.utmp /var/log/wtmp
5. chmod 664 /var/log/wtmp

bigrigdriver 05-24-2011 04:57 PM

As root, run

/dev/null > /var/log/wtmp

which effectively overwrites wtmp with nothing (/dev/null), leaving an empty wtmp file.

You may get an error message that says "permission denied". However, if you run "ls -l /var/log/wtmp" you will see that the file is empty.

If the list of reboots still displays, then the history is not stored in wtmp. In an effort to find the offending log file, try this as root:

find /var -type f | grep -i reboot
or perhaps
find /var -type f -print0 | xargs -0 grep -i reboot

Robert G 05-24-2011 06:19 PM

T3RM1NVT0R:

No error, as you can see from the files listed, it worked. I used sudo to run the commands, as I do not have permissions as user. I have a new wtmp file that is 1.5k in size, compared with the old file that is 812k.

my.desktop% ls -ltr wtmp*
-rw-rw-r-- 1 root utmp 812160 May 24 13:21 wtmp.old
-rw-rw-r-- 1 root utmp 1536 May 24 14:24 wtmp

I can even view the wtmp.old file and see the binary that looks like it logged the reboots, while the new wtmp file doesn't have much in there yet.

bigrigdriver:

Tried find commands and found:

my.desktop% sudo find /var -type f | grep -i reboot
/var/cfengine/inputs/default/reboot_count/reboot_count.cf
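
Added example, not part of the thread: a small parser for the binary wtmp format that `last reboot` reads, which lists the boot records a file such as wtmp.old still holds. It assumes the 384-byte glibc `struct utmp` layout used on little-endian x86/x86_64 Linux (both sizes in the listing above, 812160 and 1536 bytes, are whole multiples of 384); the sample records, including the user and host names in them, are constructed.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: glibc struct utmp, 384 bytes per record on x86/x86_64.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
BOOT_TIME = 2  # ut_type value written once per boot


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_wtmp(data):
    """Yield one dict per record; reject data that is not whole records."""
    if len(data) % UTMP.size:
        raise ValueError("size %d is not a multiple of %d" % (len(data), UTMP.size))
    for (ut_type, pid, line, _id, user, host,
         _term, _exit, _sess, sec, _usec, _addr) in UTMP.iter_unpack(data):
        yield {"type": ut_type, "pid": pid, "line": _text(line),
               "user": _text(user), "host": _text(host),
               "time": datetime.fromtimestamp(sec, timezone.utc)}


def reboots(data):
    """Return (UTC time, kernel release) for every boot record."""
    return [(r["time"], r["host"]) for r in parse_wtmp(data) if r["type"] == BOOT_TIME]


def make_record(ut_type, user, line, host, sec):
    """Build a constructed sample record (not real log data)."""
    return UTMP.pack(ut_type, 0, line.encode(), b"~~", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, b"")


# Constructed sample: one boot record followed by one login record (type 7).
SAMPLE = (make_record(BOOT_TIME, "reboot", "~", "2.6.18-164.el5", 1306162620)
          + make_record(7, "robert", "pts/0", "my.desktop", 1306250671))

if __name__ == "__main__":
    import sys
    data = SAMPLE
    if len(sys.argv) > 1:  # e.g. /var/log/wtmp.old
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    print(len(data) // UTMP.size, "records")
    for when, kernel in reboots(data):
        print("reboot", when.isoformat(), kernel)
```

Run with a path argument to read a real file; with no argument it parses the constructed sample.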

Robert G 05-24-2011 06:28 PM

OMG found it. The key was the reboot_count.cf file. Which led me on a hunt through a few scripts with lots of variables. Finally found the trail.

Reboots are held in the file called /etc/motd.local. I replaced that file and it is now working.

Thanks guys for the tips. Couldn't have found it without you!


All times are GMT -5.