Automatically remove records based on an IP address from:
- /var/run/utmp
- /var/log/wtmp
- /var/log/lastlog
You must have root, or at least write access on those files, for this tool to work.
$ whoami
root
$ w
 08:50:07 up 10:40,  2 users,  load average: 0.05, 0.13, 0.17
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1      08:49   33.00s  0.15s  0.15s -zsh
root     pts/1     08:48    6.00s  0.33s  0.00s w
$ utmpfucc
/var/run/utmp: 7854     root     pts/1        2017-02-25 08:48 (10.0.0.99)
[$] /var/run/utmp: removed 1 records
/var/log/wtmp: 7854     root     pts/1        2017-02-25 08:48 (10.0.0.99)
[$] /var/log/wtmp: removed 1 records
[$] /var/log/lastlog: removed 1 records
$ w
 08:50:22 up 10:40,  1 user,  load average: 0.11, 0.14, 0.18
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1      08:49   48.00s  0.15s  0.15s -zsh
$ what now bitch
sh: what: command not found
usage: utmpfucc [OPTION]...
remove entries from utmp/wtmp logs
   -i, --ip=IP         specify ip address to remove
   -n, --dry-run       don't modify log files
   -f, --file          utmp file to edit (default /var/run/utmp and
                       /var/log/wtmp)
       --skip-utmp     skip /var/run/utmp
       --skip-wtmp     skip /var/log/wtmp
       --skip-lastlog  skip /var/log/lastlog
   -v, --verbose       control verbosity (can be given twice)
   -h, --help          display this help and exit
   -V, --version       output version information and exit