/usr/share/doc/python-utmp/examples/scanutmp.py is in python-utmp 0.8.2.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | #!/usr/bin/python
# scan utmp and remove bogus entries
# works only for systems that have ut_pid
# linux has, BSD has not
# alert: sshd runs the master process as root, but writes its pid and the real user
# into utmp, thus these entries will be removed, even if correct
import utmp
from UTMPCONST import *
import time, os, string
a = utmp.UtmpRecord()
print ("Removing bogus entries:")
print ("%-10s %-10s %5s %-25s %-20s" % ("USER", "TTY", "PID", "HOST", "LOGIN"))
ps = os.popen("ps aux").readlines()[1:]
#ps = os.popen("ps -edf").readlines()[1:]
pids = {}
for i in ps:
user, pid = i.split()[:2]
pids[int(pid)] = user
for b in a:
if b.ut_type == USER_PROCESS:
if (b.ut_pid not in pids) or b.ut_user!=pids[b.ut_pid]:
print ("%-10s %-10s %5i %-25s %-20s" % (b.ut_user, b.ut_line, b.ut_pid, b.ut_host, time.ctime(b.ut_tv[0])))
b.ut_type = DEAD_PROCESS
b.ut_host = ''
b.ut_tv = (0, 0)
a.pututline(b)
a.getutent() # to move to next entry
|