My btmp file is huge on Linux, what do I do?
The /var/log/btmp file records failed login attempts on your machine. If it is huge, it probably means someone is trying to brute-force attack your computer.
The file is binary, so you cannot just view it; you have to use
# lastb | less
Most likely you will find that someone has been repeatedly trying to break into your computer. Consider setting up a firewall that limits which IP addresses are allowed to connect to your SSH port.
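To see which sources account for the bulk of the file before writing firewall rules, the binary records can also be read directly. The following is an added example, not part of the original post: it assumes the 384-byte struct utmp layout used by glibc on x86-64 Linux, the function names are hypothetical, and the sample records are constructed.

```python
import socket
import struct
from collections import Counter

# struct utmp as glibc lays it out on x86-64 Linux (an assumption): 384 bytes.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii16s20s")

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_btmp(data):
    """Yield (user, line, source, unix_time) for each failed-login record."""
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        (ut_type, _pid, line, _id, user, host, _term, _exit,
         _sess, tv_sec, _usec, addr, _pad) = UTMP.unpack_from(data, off)
        if ut_type == 0:  # EMPTY: unused slot
            continue
        source = _text(host)
        if not source and addr[:4] != b"\0" * 4 and addr[4:] == b"\0" * 12:
            source = socket.inet_ntoa(addr[:4])  # IPv4 kept only in ut_addr_v6
        yield _text(user), _text(line), source or "(local)", tv_sec

def top_sources(data, limit=10):
    """Count failed attempts per source, busiest first."""
    return Counter(rec[2] for rec in parse_btmp(data)).most_common(limit)

def _sample(user, host="", addr=b"", ts=1700000000):
    """Build one constructed record for the demonstration below."""
    return UTMP.pack(6, 4242, b"ssh:notty", b"", user.encode(), host.encode(),
                     0, 0, 0, ts, 0, addr, b"")

# Constructed sample data (documentation address ranges), not a real log.
SAMPLE = b"".join([
    _sample("root", "203.0.113.5"),
    _sample("admin", "203.0.113.5"),
    _sample("oracle", addr=socket.inet_aton("198.51.100.7")),
    _sample("root", "203.0.113.5"),
    _sample("alice"),
    bytes(UTMP.size), b"\x06\x00trunc",  # an empty slot, then a truncated tail
])

if __name__ == "__main__":
    # On a live host, read the real file as root instead:
    #   data = open("/var/log/btmp", "rb").read()
    for source, count in top_sources(SAMPLE):
        print(f"{count:6d}  {source}")
```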
You could also install DenyHosts:
# apt-get install denyhosts
One issue that can occur is that, if you are getting attacked, the log file grows too large.
Most likely your logrotate.conf file has a /var/log/btmp entry in it. Update this file to rotate and compress the log file more frequently (see the logrotate documentation).