Some server administrators do not realise their server is running out of space until the disk is completely full and the server has locked itself up. When that happens, administrators begin to wonder what really went wrong. The usual cause is that large log files have accumulated in many places that are hard to find. In the article below we will look at a little-known server path to check before you are almost out of disk space.
All system administrators know that flushing yum caches and log files is not enough. A server has many other locations where gigabytes of data can accumulate.
When you are running low on storage and the server has a public web frontend, check the /var/log/btmp file, where failed login attempts are logged. This file may be very large. Follow the command:
If you find a large btmp file, you may reset it completely by overwriting it with /dev/null:
cat /dev/null > /var/log/btmp
Check the file size again: you have successfully flushed a couple of GBs.
Tournas Dimitrios in his blog ‘Learning the web and more’ (tournasdimitrios1.wordpress.com) published the following scenario for dealing with wtmp and btmp:
In Linux and Unix operating systems, it’s possible to use the “last” command to display and show the last logged in (and out) users history, and the “lastb” command to show and display all the bad login attempts. The users’ login history is logged and saved in the wtmp file, while failed login attempts are stored in the btmp file; both files are usually located in the /var/log directory.
The logging of information into wtmp and btmp is continuous, and can potentially make the wtmp and btmp files grow to a very big size. This is especially true of btmp, which logs failed or bad login attempts to the system, if the administrator does not disable FTP or SSH password authentication and the server is attacked via brute-force break-in attempts, where any wrong user name or incorrect password is logged to btmp.
In addition, an administrator may also want to clear and erase the login history once in a while. Or, a system that is running low or almost running out of disk space on /var may want to purge and delete the wtmp and btmp to reclaim and save some disk space.
In any case, the proper way to clear and reset the wtmp and btmp files is by piping a blank input to the file, overwriting and replacing all existing content. The command that can be used has the syntax below:
cat /dev/null > /var/log/wtmp
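The two truncation commands above, wrapped in a size check so that wtmp and btmp are only emptied once they pass a threshold. This is an added example, not code from the article or the quoted blog; the function names, the LOG_DIR and MAX_BYTES variables and the 100 MiB default are assumptions of the example.

```shell
#!/bin/sh
# Added example: empty oversized login-record files in place.
# LOG_DIR and MAX_BYTES are assumptions of this example, not values from the article.
LOG_DIR="${LOG_DIR:-/var/log}"
MAX_BYTES="${MAX_BYTES:-104857600}"   # 100 MiB, an arbitrary example threshold

# Print a file's size in bytes (0 if it does not exist).
file_size() {
    if [ -f "$1" ]; then
        # wc -c may pad its output with spaces on some systems; $(( )) strips them.
        echo $(( $(wc -c < "$1") ))
    else
        echo 0
    fi
}

# trim_login_logs DIR MAX_BYTES
# Reports the size of DIR/wtmp and DIR/btmp and empties any file larger than
# MAX_BYTES. Prints one line per file; returns non-zero if a truncation failed.
# The records are gone once a file is emptied, so review them with last/lastb first.
trim_login_logs() {
    dir=$1
    max=$2
    rc=0
    for name in wtmp btmp; do
        f="$dir/$name"
        [ -f "$f" ] || { echo "$name missing"; continue; }
        size=$(file_size "$f")
        if [ "$size" -gt "$max" ]; then
            # Same command as in the article: the file is emptied, not deleted,
            # so it keeps its owner and permissions.
            if cat /dev/null > "$f"; then
                echo "$name truncated (was $size bytes)"
            else
                echo "$name truncate-failed"; rc=1
            fi
        else
            echo "$name kept ($size bytes)"
        fi
    done
    return $rc
}

# Touch the real directory only when invoked with "run" (needs root for /var/log).
if [ "${1:-}" = "run" ]; then
    trim_login_logs "$LOG_DIR" "$MAX_BYTES"
fi
```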