165 lines
4.5 KiB
Groff
165 lines
4.5 KiB
Groff
'\" t
|
|
.\" Title: faillog
|
|
.\" Author: Julianne Frances Haugh
|
|
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
|
|
.\" Date: 03/19/2025
|
|
.\" Manual: System Management Commands
|
|
.\" Source: shadow-utils 4.17.4
|
|
.\" Language: English
|
|
.\"
|
|
.TH "FAILLOG" "8" "03/19/2025" "shadow\-utils 4\&.17\&.4" "System Management Commands"
|
|
.\" -----------------------------------------------------------------
|
|
.\" * Define some portability stuff
|
|
.\" -----------------------------------------------------------------
|
|
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
.\" http://bugs.debian.org/507673
|
|
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
|
|
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
.ie \n(.g .ds Aq \(aq
|
|
.el .ds Aq '
|
|
.\" -----------------------------------------------------------------
|
|
.\" * set default formatting
|
|
.\" -----------------------------------------------------------------
|
|
.\" disable hyphenation
|
|
.nh
|
|
.\" disable justification (adjust text to left margin only)
|
|
.ad l
|
|
.\" -----------------------------------------------------------------
|
|
.\" * MAIN CONTENT STARTS HERE *
|
|
.\" -----------------------------------------------------------------
|
|
.SH "NAME"
|
|
faillog \- display faillog records or set login failure limits
|
|
.SH "SYNOPSIS"
|
|
.HP \w'\fBfaillog\fR\ 'u
|
|
\fBfaillog\fR [\fIoptions\fR]
|
|
.SH "DESCRIPTION"
|
|
.PP
|
|
\fBfaillog\fR
|
|
displays the contents of the failure log database (/var/log/faillog)\&. It can also set the failure counters and limits\&. When
|
|
\fBfaillog\fR
|
|
is run without arguments, it only displays the faillog records of the users who had a login failure\&.
|
|
.SH "OPTIONS"
|
|
.PP
|
|
The options which apply to the
|
|
\fBfaillog\fR
|
|
command are:
|
|
.PP
|
|
\fB\-a\fR, \fB\-\-all\fR
|
|
.RS 4
|
|
Display (or act on) faillog records for all users having an entry in the
|
|
faillog
|
|
database\&.
|
|
.sp
|
|
The range of users can be restricted with the
|
|
\fB\-u\fR
|
|
option\&.
|
|
.sp
|
|
In display mode, this is still restricted to existing users but forces the display of the faillog entries even if they are empty\&.
|
|
.sp
|
|
With the
|
|
\fB\-l\fR,
|
|
\fB\-m\fR,
|
|
\fB\-r\fR,
|
|
\fB\-t\fR
|
|
options, the users\*(Aq records are changed, even if the user does not exist on the system\&. This is useful to reset records of users that have been deleted or to set a policy in advance for a range of users\&.
|
|
.RE
|
|
.PP
|
|
\fB\-h\fR, \fB\-\-help\fR
|
|
.RS 4
|
|
Display help message and exit\&.
|
|
.RE
|
|
.PP
|
|
\fB\-l\fR, \fB\-\-lock\-secs\fR\ \&\fISEC\fR
|
|
.RS 4
|
|
Lock account for
|
|
\fISEC\fR
|
|
seconds after failed login\&.
|
|
.sp
|
|
Write access to
|
|
/var/log/faillog
|
|
is required for this option\&.
|
|
.RE
|
|
.PP
|
|
\fB\-m\fR, \fB\-\-maximum\fR\ \&\fIMAX\fR
|
|
.RS 4
|
|
Set the maximum number of login failures after the account is disabled to
|
|
\fIMAX\fR\&.
|
|
.sp
|
|
Selecting a
|
|
\fIMAX\fR
|
|
value of 0 has the effect of not placing a limit on the number of failed logins\&.
|
|
.sp
|
|
The maximum failure count should always be 0 for
|
|
\fIroot\fR
|
|
to prevent a denial of services attack against the system\&.
|
|
.sp
|
|
Write access to
|
|
/var/log/faillog
|
|
is required for this option\&.
|
|
.RE
|
|
.PP
|
|
\fB\-r\fR, \fB\-\-reset\fR
|
|
.RS 4
|
|
Reset the counters of login failures\&.
|
|
.sp
|
|
Write access to
|
|
/var/log/faillog
|
|
is required for this option\&.
|
|
.RE
|
|
.PP
|
|
\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
|
|
.RS 4
|
|
Apply changes in the
|
|
\fICHROOT_DIR\fR
|
|
directory and use the configuration files from the
|
|
\fICHROOT_DIR\fR
|
|
directory\&. Only absolute paths are supported\&.
|
|
.RE
|
|
.PP
|
|
\fB\-t\fR, \fB\-\-time\fR\ \&\fIDAYS\fR
|
|
.RS 4
|
|
Display faillog records more recent than
|
|
\fIDAYS\fR\&.
|
|
.RE
|
|
.PP
|
|
\fB\-u\fR, \fB\-\-user\fR\ \&\fILOGIN\fR|\fIRANGE\fR
|
|
.RS 4
|
|
Display faillog record or maintains failure counters and limits (if used with
|
|
\fB\-l\fR,
|
|
\fB\-m\fR
|
|
or
|
|
\fB\-r\fR
|
|
options) only for the specified user(s)\&.
|
|
.sp
|
|
The users can be specified by a login name, a numerical user ID, or a
|
|
\fIRANGE\fR
|
|
of users\&. This
|
|
\fIRANGE\fR
|
|
of users can be specified with a min and max values (\fIUID_MIN\-UID_MAX\fR), a max value (\fI\-UID_MAX\fR), or a min value (\fIUID_MIN\-\fR)\&.
|
|
.RE
|
|
.PP
|
|
When none of the
|
|
\fB\-l\fR,
|
|
\fB\-m\fR, or
|
|
\fB\-r\fR
|
|
options are used,
|
|
\fBfaillog\fR
|
|
displays the faillog record of the specified user(s)\&.
|
|
.SH "CAVEATS"
|
|
.PP
|
|
\fBfaillog\fR
|
|
only prints out users with no successful login since the last failure\&. To print out a user who has had a successful login since their last failure, you must explicitly request the user with the
|
|
\fB\-u\fR
|
|
flag, or print out all users with the
|
|
\fB\-a\fR
|
|
flag\&.
|
|
.SH "FILES"
|
|
.PP
|
|
/var/log/faillog
|
|
.RS 4
|
|
Failure logging file\&.
|
|
.RE
|
|
.SH "SEE ALSO"
|
|
.PP
|
|
\fBlogin\fR(1),
|
|
\fBfaillog\fR(5)\&.
|