Code [logf001f]
The log file "wtmp" should exist to show an audit trail of which user has logged into the server. This file is accessed by the command "last". It might not exist due to a system configuration error or an intruder that has tried to cover this tracks by removing it.
Code [logf002f]
The log file "btmp" should exist to log a list of bad logins. This file is accessed using the command "lastb". It might not exist due to a system configuration error or an intruder that has tried to cover this tracks by removing it.
Code [logf003f]
The log file "lastlog" should exist to show a user's most recent login session on the server. This file is accessed by the command "lastlog". It might not exist due to a system configuration error or an intruder that has tried to cover this tracks by removing it.
Code [logf004f]
The log file "utmp" should exist so that a list of current users on the server can be listed. This is accessed by the command "who". It might not exist due to a system configuration error or an intruder that has tried to cover this tracks by removing it.
Code [logf005f]
The log file does not have proper permissions set. It is recommended that you change the permissions to those suggested for these file.
Code [logf005w]
There are no umask entries in the configuration file. It is recommended that there are umask entries set in the configuration file.
Code [logf006f]
The log file "loginlog" should exist to show a user login attempts on the server. It might not exist due to a system configuration error or an intruder that has tried to cover this tracks by removing it.
Code [logf007f]
The log file "messages" should exist to show a trace of the system logs (including reboots and kernel messages), it is also often used by the syslog daemon to log information. The contents of the "messages" logfile depends upon the configuration of the syslog.conf and varies by distribution and/or system administrator preference. It might not exist if you have configured your system to use a different file for logging or if an intruder has tried to cover his tracks by removing it since the messages file might contain bad login attempts from local users and remote hosts.