wtmp flooded with security scan user
by PoleStar from LinuxQuestions.org on (#5PBFC)
Hello,
I am trying to understand behavior of last/wtmp.
We run security scan every night on the servers. On all the servers when I try to do "last" all I see is pages and pages of security scan user.. no information about any real user loging in.
While /var/log/wtmp.1 is usually empty.
How can I restrict security scan user to flood the /var/log/wtmp... or how can I retain clean information about the other users loging in ?
Thank you
I am trying to understand behavior of last/wtmp.
We run security scan every night on the servers. On all the servers when I try to do "last" all I see is pages and pages of security scan user.. no information about any real user loging in.
While /var/log/wtmp.1 is usually empty.
How can I restrict security scan user to flood the /var/log/wtmp... or how can I retain clean information about the other users loging in ?
Thank you