312-50V10 · Question #716
You have successfully logged on a Linux system. You want to now cover your track. Your login attempt may be logged on several files located in /var/log. Which file does NOT belong to the list:
The correct answer is B. user.log. The file 'user.log' is not a standard Linux authentication or login tracking log file found in /var/log.
Question
You have successfully logged on a Linux system. You want to now cover your track. Your login attempt may be logged on several files located in /var/log. Which file does NOT belong to the list:
Options
- Awtmp
- Buser.log
- Cbtmp
- Dauth.log
How the community answered
(24 responses)- B88% (21)
- C8% (2)
- D4% (1)
Why each option
The file 'user.log' is not a standard Linux authentication or login tracking log file found in /var/log.
wtmp is a valid binary log file in /var/log that records all successful logins and logouts, readable via the 'last' command.
Linux systems track login activity in specific standard log files: wtmp records successful logins, btmp records failed login attempts, and auth.log records authentication events including sudo and SSH. The file 'user.log' is not a standard or commonly present login-tracking log file in /var/log on most Linux distributions, making it the outlier in this list.
btmp is a valid binary log file in /var/log that records failed login attempts, readable via the 'lastb' command.
auth.log is a standard plain-text log file in /var/log on Debian-based systems that records authentication-related events including PAM, SSH, and sudo activity.
Concept tested: Linux /var/log login and authentication log files
Source: https://linux.die.net/man/5/wtmp
Topics
Community Discussion
No community discussion yet for this question.