Exam 200-201 topic 1 question 92 discussion

D. /var/log/auth.log

c) /var/log/btmp – This file contains information about failed login attemps. Use the last command to view the btmp file. For example, “last -f /var/log/btmp | more” d) /var/log/wtmp or /var/log/utmp – Contains login records. Using wtmp you can find out who is logged into the system. who command uses this file to display the information. e) /var/log/faillog – Contains user failed login attemps. Use faillog command to display the content of this file. f) /var/log/secure – Contains information related to authentication and authorization privileges. For example, sshd logs all the messages here, including unsuccessful login.

1. The main log file a) /var/log/messages – Contains global system messages, including the messages that are logged during system startup. There are several things that are logged in /var/log/messages including mail, cron, daemon, kern, auth, etc. 2. Access and authentication a) /var/log/auth.log – Contains system authorization information, including user logins and authentication machinsm that were used. b) /var/log/lastlog – Displays the recent login information for all the users. This is not an ascii file. You should use lastlog command to view the content of this file.

D - correct based on the below: https://www.netsurion.com/articles/top-5-linux-log-file-groups-in-var-log#:~:text=There%20are%20several%20things%20that,%2C%20kern%2C%20auth%2C%20etc.&text=a)%20%2Fvar%2Flog%2Fauth.,information%20for%20all%20the%20users.