/home/maint/bin/acctcleanup.sh ;; runs only via cron on the first day of every month at midnight. It moves all entries in btmp and wtmp to /home/maint/logs/acct with a file name format of: wtmp-monthYEAR or btmp-monthYEAR
see utmp(4)
/var/adm/btmp Bad login database
/var/adm/wtmp Login database
/etc/utmp
utmp = record of all users logged onto the system.
btmp = bad login entries for each invalid logon attempt
wtmp = record of all logins and logouts.
acctcleanup.sh::::
#!/usr/bin/sh
# cleans up accounting files: /var/adm/wtmp and /var/adm/btmp Should be run via
# cron at 0:00 the first of every month.
#wtmp contains a record of all logins and logouts
#btmp contains bad login entries for each invalid logon attempt
#if not running under cron then exit
if ! /home/maint/bin/rptree.sh $$ | grep cron >/dev/null; then
banner executes "only under" cron
exit
fi
w=/var/adm/wtmp
b=/var/adm/btmp
fwtmp=/usr/sbin/acct/fwtmp
wtmpfix=/usr/sbin/acct/wtmpfix
log=/home/maint/logs/acct
#Since we are in a new month, get last month's name
case `date +%B` in
January) month=December;;
February) month=January;;
March) month=February;;
April) month=March;;
May) month=April;;
June) month=May;;
July) month=June;;
August) month=July;;
September) month=August;;
October) month=September;;
November) month=October;;
December) month=November;;
esac
wdate=$log/wtmp-$month`date +%Y.log`
bdate=$log/btmp-$month`date +%Y.log`
$fwtmp < $w > $wdate
cat /dev/null > $w
$fwtmp < $b > $bdate
cat /dev/null > $b
No comments:
Post a Comment