Linux last login info
 

hello all!
when i log in into linux machine with ssh, it displays last login info, and can i edit ro delete this info ?

you can't delete it, do you mean you just don't want to see it? in that case things like that are normally in /etc/issue.net for network logins. or in the ssh server config itself... /etc/ssh/sshd_config typically

this is in the /etc/issue.net
--
Red Hat Linux release 9 (Shrike)
Kernel \r on an \m

What about /etc/ssh/sshd_config ? Anything staring back at you from there?

Cool

Actually I can't seem to find anything in either file mentioned that details the last login. The only lines there are for OS version, kernel version and chipset.

I'm curious about this myself, I've never looked into it. Any other ideas where it may be? Perhaps in the shell-specific files, since it only displays after a successful login (and displays the same whether you connect via SSH or telnet)?:scratch:

just out of interest ... why would you want to do this ? are we talking about trying to change this without root ?

Actually, it is possible to edit login info. Most local and remote login programs log to /var/log/utmp (This filename is compiled into glibc. Need to edit and recompile it if you want to use another location). This file contains information who logged in, where and when, in a binary format. I don't know any simple interface to modify this data, so you may have to learn C. Checkout getutmp(3) and friends.

Of course, your system should be configured not to allow anyone other than root to edit /var/log/* files. They are an important target for crackers (!= hackers) who try to remove evidence of their exploits.