Util-linux doesn't have utmpdump

recai · January 20, 2025, 3:56pm

What have you tried: install util-linux and use utmpdump

What is the error: there is no utmpdump utility inside util-linux package

What device is this on: bare metal kali on hp elitebook 840 g3

hello, i installed util-linux and util-linux-extras but still there is no utmpdump utility.

“apt list --installed | grep util-linux” returns:
util-linux-extra/kali-rolling,now 2.40.2-13 amd64 [installed]
util-linux/kali-rolling,now 2.40.2-13 amd64 [installed]

“dpkg -L util-linux | grep utmpdump” and “dpkg -L util-linux-extra | grep utmpdump” returns nothing

“apt-file search utmpdump” returns nothing (i did apt-file update)

main source is:
deb Index of / kali-rolling main contrib non-free non-free-firmware

and i also have the mullvad repo but util-linux comes from the offical kali repo.

did the utmpdump utility moved to another package? i can’t figure out what to do, should i build from the source?

Pleiades · January 21, 2025, 2:20am

I’ve been trying to figure this out for a couple of days and haven’t gotten anywhere. Have you had any luck?

barry99705 · January 21, 2025, 6:15am

It is missing, not sure why. It still exists in 2024.1-live, not sure when it stopped working though. It’s not listed in the kali package tracker as a tool under util-linux. Looks like kali pulls it in from debian, so prolly something broken there.

barry99705 · January 21, 2025, 5:57pm

was pointed out to me this morning.

recai · January 21, 2025, 11:15pm

that doesnt make sense, we can use wtmpdb to read wtmpdb databases but we cant read old wtmp and utmp files with it. as example i was trying to read a wtmp file from hackthebox for an sherlock ctf and:

wtmpdb last -f wtmp returns: “wtmpdb_read_all: SQL error: file is not a database”

i couldnt find any online resources on how to turn a wtmp file to a wtmpdb compatible one.

barry99705 · January 24, 2025, 12:49am

don’t know dude, that’s coming from debian.

abower · April 14, 2025, 6:41pm

Hi everyone, I’m the new maintainer of wtmpdb in debian. Unfortunately it is true that Debian dropped all the tools that could directly read wtmp files but the latest versions of wtmpdb now include an import command for the old wtmp-format files. For example, you can run:

wtmpdb import /var/log/wtmp -f imported.db
wtmpdb last -f imported.db

If you have any problems with the importer do raise a bug on the Debian BTS and I’ll see what I can do.

abower · June 7, 2025, 7:50pm

It seems there is another solution! Hidden away in the ‘acct’ package is ‘dump-utmp’: dump-utmp(8) — acct — Debian unstable — Debian Manpages
It doesn’t format as neatly as utmpdump but it works.