last command fails - how to fix it so that it works again?

Question

The server is Ubuntu 11.10.

When I issue the "last" command from the command line, it gives the following output:

# last
last: read failed!

wtmp begins Fri Apr 18 15:47:48 2014

This I suspect is happening after a probable hacking attempt on the server, which we have dealt with now. But the "last" command continues not to work. I suspect the hacker disabled this command from working, so that they could cover their trails.

The question is why the command doesn't work and how do I get it fixed so that it works as intended?

Thanks for your expert insight.

ek9 · Accepted Answer · 2014-05-29T16:51:11.533

0

This is due to corrupt wtmp or utmp files. As it is possible these got cleared and their permissions reset, I would backup the current ones and reset them. This can be done by cat /dev/null and directing output to the files.

The last command should pickup the new files upon reboot.

edited May 29 '14 at 16:51

answered May 29 '14 at 16:40

ek9

2,131

last command fails - how to fix it so that it works again?

1 Answers1