In some email I received from Bill Sommerfeld, sie wrote:
[...]
> > wtmp: Why text?  That makes it that much easier for a newbie cracker wannabe
> > to hack accounting records.
> 
> Because most other log files with variable-size records use text file
> format.  

Why does it need to be used as text ?  At least with the current binary
format, last knows how to look for matching records, etc.  Changing to
a text file format would require last to be largely rewritten, which is
a lot of extra work for what gain ?

> > This would be a boon, actually.  Would you show who the intruder was
> > attempting to impersonate?
> 
> Not quite sure what you're talking about here..
> 
> This would be a per-user record indicating failed attempts to log in
> as that user, so that login could print (for instance):
> 
> 	"3 failed login attempts since last successful login"
> 	"last failed attempt from www.xxx.yy.zzz using ftp"
[...]

I've seen this on precious few OS's.  Those that did have a totally separate
file, to the one for `lastlog', for storing that information.

Darren

p.s. does this belong on both tech-net and tech-userlevel ?