chkwtmp - check wtmp-file for deleted entries
Chkwtmp examines the file /var/log/wtmp for entries with no information
(containing only null-bytes). If such entries are found the program
prints the time window for the original entry. This is done by
displaying the timestamps of the wtmp-entry before and after the
To run chkwtmp you need read permission on the file /var/log/wtmp.
Normally this file is world-readable and no special privileges are
required to run the checker.
/var/log/wtmp login data base
An entry is recognized as overwritten if the time-information has been
overwritten with null-bytes.
This program was designed to run on SunOS 4.x systems only. On other
systems the output is undefined...