FAILLOG

Section: System Management Commands (8)
Updated: 07/24/2009
Index Return to Main Contents
 

NAME

faillog - display faillog records or set login failure limits  

SYNOPSIS

faillog [options]
 

DESCRIPTION

faillog

displays the contents of the failure log database (/var/log/faillog). It can also set the failure counters and limits. When faillog is run without arguments, it only displays the faillog records of the users who had a login failure.  

OPTIONS

The options which apply to the faillog command are:

-a, --all

Display (or act on) faillog records for all users having an entry in the faillog database.

-h, --help

Display help message and exit.

-l, --lock-time SEC

Lock account for SEC seconds after failed login.

Write access to /var/log/faillog is required for this option.

-m, --maximum MAX

Set the maximum number of login failures after the account is disabled to MAX.

Selecting a MAX value of 0 has the effect of not placing a limit on the number of failed logins.

The maximum failure count should always be 0 for root to prevent a denial of services attack against the system.

Write access to /var/log/faillog is required for this option.

-r, --reset

Reset the counters of login failures.

Write access to /var/log/faillog is required for this option.

-t, --time DAYS

Display faillog records more recent than DAYS.

-u, --user LOGIN|RANGE

Display faillog record or maintains failure counters and limits (if used with -l, -m or -r options) only for the specified user(s).

The users can be specified by a login name, a numerical user ID, or a RANGE of users. This RANGE of users can be specified with a min and max values (UID_MIN-UID_MAX), a max value (-UID_MAX), or a min value (UID_MIN-).

When none of the -l, -m, or -r options are used, faillog displays the faillog record of the specified user(s).

NOTE: in display mode, only the records of users which currently exist in the system are displayed. In the other modes (when the -l, -m, or -r options are used), the records of the user, or the range of users, or all the users that may have an entry in the faillog database will be changed. This is useful to reset records of users that have been deleted or set a policy in advance for a range of users.  

CAVEATS

faillog only prints out users with no successful login since the last failure. To print out a user who has had a successful login since their last failure, you must explicitly request the user with the -u flag, or print out all users with the -a flag.  

FILES

/var/log/faillog

Failure logging file.
 

SEE ALSO

login(1), faillog(5).