# Config File and WTMP



## bamcis (Feb 27, 2009)

Is there a text file I can review that has the configuration of the initial set up of the server? 

Also, I have an offline server that is corrupted. I am trying to piece through the problem. I have several WTMP files and I am trying to read them. I am using last -f <file name> | less and am receiving output. However, I do not believe it is the complete output. I say this because when I look at the WTMP in a regular file editor I see many more IP addresses in that file versus the ouput of the last -f <file name> | less. I am also hitting page down or the down arrow till it says END.

Are there any other commands I can run to ensure I am getting the complete output?


----------



## trev (Feb 28, 2009)

bamcis said:
			
		

> Is there a text file I can review that has the configuration of the initial set up of the server?



/etc/rc.conf - changes and additions to defaults
/etc/defaults/rc.conf - the defaults

Of course, there are other config files, eg sendmail.mc for mail, named.conf for bind etc, but the above are the main "system" ones.


----------



## Mel_Flynn (Feb 28, 2009)

One central config file for all software does not exist. /etc/rc.conf is the closest to that as you can get. If you're assuming it's modified, then it's useless. This is what backups, kern.securelevel, ro mounts, mtree and such are for.

As for wtmp, it's possible it has gotten corrupted. You can read out the structures quite easily using C. If you suspect corruption, read byte by byte rather then per utmp structure and use the string "tty" as start of entry and take it from there.

See wtmp(5).


----------



## bamcis (Feb 28, 2009)

*Thanks for Reply*

Thank you for the reply. What do you mean by using C and tty?


----------

