How to disable lastlog file in /var/log
whenever some one logs in to the RHEL 4 server, his details are put in this lastlog file. Are there any other files that keep the info about logins (either successful or failed attempts) ?
How to stop lastlog file getting updated with the user id every time someone logs in ? |
There is two ways to do it, depending on distro release, you shuld check yours, as I don not have it:
- the old method is in /etc/login.defs, comment "LASTLOG_ENAB" - the new method is in /etc/pam.d/login, comment "session optional pam_lastlog.so" |
Why would you want to disable it?
|
Quote:
|
Quote:
There is no line containing "session optional pam_lastlog.so" in the file login I found the following commands that display the previous login details last lastb lastcomm lastlog These commands get the data from var/log/btmp var/run/utmp var/log/wtmp how to disable the process that writes the IP addr of the person who logs in ? |
And again the question: why?
That's a very basic sanity check, and a fundamental auditing feature. Turning that off is like removing the hand-break from your car. The only "reason" I can think of for wanting to disable that is that you want to open back-doors for people. Not a good reason. Cheers, Tink |
All times are GMT -5. The time now is 12:56 PM. |