(SCO) The default root crontab cleans out /usr/adm/sulog, /etc/wtmp and /etc/wtmpx on Sunday mornings. The script that does this is /etc/cleanup.
(Linux) Logrotate does the cleaning, so modify /etc/logrotate.conf.
(BSD) uses "newsyslog".
But if system accounting is on, "runacct" does this.
If your machine is used at the time this script is run, you will want to change the time in crontab. If you want more than 1 week's information in these files, you need to change its frequency or take it out all together.# grep wtmp /etc/cleanup
Having that run on Sunday is not ideal for forensics - "who logged in over the w
weekend?" is not an unusual question.
A good modification might be to output "last" to a file before cleaing it.
If you found something useful today, please consider a small donation.
Got something to add? Send me email.
Securing a computer system has traditionally been a battle of wits: the penetrator tries to find the holes, and the designer tries to close them. (Gosser)