Which log file contains system authentication information including user logins?

Enhance your cyber defense skills with the Security Blue Team Level 1 Test. Prepare with flashcards, multiple choice questions, and detailed explanations to ace your exam!

Multiple Choice

Which log file contains system authentication information including user logins?

Explanation:
Tracking who accessed the system and how they authenticated is done by looking at the authentication log. This log records login attempts, sudo usage, and other authentication events, giving you visibility into who logged in and when.

On many Linux distributions, those authentication messages are written to a dedicated file: /var/log/auth.log. It collects entries from the authentication stack—sshd, login, su, sudo, PAM and related components—covering both successful logins and failures, as well as session start and end times. That makes it the primary source for system authentication information including user logins.

Other options don’t fit as well: /var/log/cron is for cron job activity, /var/log/dpkg.log records package management actions, and /var/log/secure serves a similar authentication purpose on Red Hat-based systems but is not the file listed in this context.
