acc002i:
The listed login ID is disabled, but has a potentially valid shell.
These can usually be safely ignored.
acc001w:
The listed login ID is disabled in some manner ('*' in passwd field, etc),
but the login shell for the login ID is a valid shell (from /etc/shells
or the system equivalent). A valid shell can potentially enable the
login ID to continue to be used. The login shell should be changed
to something that doesn't exist, or to something like /bin/false.
acc003w:
The listed login ID is disabled in some manner ('*' in passwd field, etc),
but the .forward file is setup to execute programs. This can allow the
login ID to continue to be used despite the fact that it is disabled.
The .forward file should be checked and probably removed.
acc007a:
The listed login ID has a '.hushlogin' file which is not zero-length.
This file is normally a zero length file. This file is frequently used
by intruders as a place to store captured passwords. This file should
be looked at. If it appears to be such a log file, then the system should
be regarded as being compromised. The system should be thoroughly checked
and cleaned.
acc009a:
The login ID 'sync' has no password and the shell is not /bin/sync, which
is what it normally is. This could indicate an intrusion has occurred.
If the shell is one of the normal shells (/bin/sh, /bin/csh, etc), then
this is very likely the situation. The login ID should be disabled, or
the shell reset to '/bin/sync'.