Hi,
On Wed, 2002-12-18 at 11:54, i.t wrote:
> from reiserfs it's known to happen quite often - wtmp may be corrupted;
> but actually I'm using only ext2/3 on the test machine.
> After 7 days running the RH8 system I've noticed the first corruption of
> wtmp.
> last shows only the line
> wtmp begins Wed Dec 11 09:14:52 2002
> |Sun Dec 15 14:36:34 2002
> ithum |:0 |7|:0
> |20487|136.46.1.64 |
>
> I do not have any idea whether this unknown IP address may be a successful
> hacker attack or not.
Impossible to say from this --- is your system fully up to date wrt.
errata? Have you got it firewalled?
> Or is the corruption the fault of the ext3 filesystem?
Shouldn't be, I've never heard of ext3 corrupting wtmp before.
> Despite that I'd like to know if there is any way of painless repair of
> wtmp (like wtmpfix on AIX, Tru64).
> Hexedit shows me a bit of garbage (?), but my tries to repair the file have
> not been successful until now.
The only easy way I know of is just to rotate the file out and
instantiate a new, empty wtmp file.
--Stephen
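
As an added example, not part of the original messages: a wtmpfix-style check in Python that walks a wtmp file record by record, reports the offsets of damaged records and returns the records that still parse. It assumes the 384-byte glibc `struct utmp` layout used on Linux; the function names and the sample records are constructed for illustration.

```python
import string
import struct
# Assumption: glibc/Linux struct utmp, 384 bytes per record, little-endian.
REC = struct.Struct("<hxxi32s4s32s256shhiii16s20s")
PRINTABLE = set(string.printable.encode())

def is_text(field):
    """True if the bytes before the first NUL are printable ASCII."""
    return all(b in PRINTABLE for b in field.split(b"\0", 1)[0])

def check_record(raw, t_min, t_max):
    """Return the names of fields that look damaged in one record."""
    ut_type, _, line, _, user, host, _, _, _, tv_sec, tv_usec, _, _ = REC.unpack(raw)
    bad = []
    if not 0 <= ut_type <= 9:            # EMPTY .. ACCOUNTING in <utmp.h>
        bad.append("ut_type")
    if not t_min <= tv_sec <= t_max:     # outside the window the log should cover
        bad.append("ut_tv.tv_sec")
    if not 0 <= tv_usec < 1_000_000:
        bad.append("ut_tv.tv_usec")
    for name, val in (("ut_line", line), ("ut_user", user), ("ut_host", host)):
        if not is_text(val):
            bad.append(name)
    return bad

def scan(data, t_min, t_max):
    """Split wtmp bytes into (clean_bytes, [(offset, problems), ...])."""
    clean, report = bytearray(), []
    for off in range(0, len(data), REC.size):
        raw = data[off:off + REC.size]
        if len(raw) < REC.size:          # file does not end on a record boundary
            report.append((off, ["truncated record"]))
            break
        problems = check_record(raw, t_min, t_max)
        if problems:
            report.append((off, problems))
        else:
            clean += raw
    return bytes(clean), report

def make_record(ut_type, pid, line, user, host, tv_sec):
    """Build a constructed sample record (not real log data)."""
    return REC.pack(ut_type, pid, line, b"", user, host, 0, 0, 0, tv_sec, 0, b"", b"")

if __name__ == "__main__":
    t0 = 1039598092                      # constructed timestamp, December 2002
    sample = make_record(7, 1234, b":0", b"ithum", b":0", t0) + b"\xff" * REC.size
    clean, report = scan(sample, t0 - 86400, t0 + 86400)
    print(len(clean) // REC.size, "record(s) kept; damaged:", report)
```

Records are checked at fixed 384-byte offsets, so damage that shifts the alignment marks every later record as bad. Run it on a copy and keep the original wtmp untouched, since an unexplained entry may matter to a later investigation.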