1 <?xml version="1.0" encoding="UTF-8"?>
3 Copyright (c) 1989 - 1994, Julianne Frances Haugh
4 Copyright (c) 2007 - 2009, Nicolas François
7 Redistribution and use in source and binary forms, with or without
8 modification, are permitted provided that the following conditions
10 1. Redistributions of source code must retain the above copyright
11 notice, this list of conditions and the following disclaimer.
12 2. Redistributions in binary form must reproduce the above copyright
13 notice, this list of conditions and the following disclaimer in the
14 documentation and/or other materials provided with the distribution.
15 3. The name of the copyright holders or contributors may not be used to
16 endorse or promote products derived from this software without
17 specific prior written permission.
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23 HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 <refentry id='faillog.8'>
32 <!-- $Id: faillog.8.xml 2968 2009-05-21 14:04:53Z nekral-guest $ -->
34 <refentrytitle>faillog</refentrytitle>
35 <manvolnum>8</manvolnum>
36 <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
38 <refnamediv id='name'>
39 <refname>faillog</refname>
40 <refpurpose>display faillog records or set login failure limits</refpurpose>
43 <refsynopsisdiv id='synopsis'>
45 <command>faillog</command>
47 <replaceable>options</replaceable>
52 <refsect1 id='description'>
53 <title>DESCRIPTION</title>
55 <command>faillog</command> displays the contents of the failure log
56 database (<filename>/var/log/faillog</filename>). It can also
57 set the failure counters and limits. When
58 <command>faillog</command> is run without arguments, it only displays the
59 faillog records of the users who had a login failure.
63 <refsect1 id='options'>
64 <title>OPTIONS</title>
66 The options which apply to the <command>faillog</command> command
69 <variablelist remap='IP'>
71 <term><option>-a</option>, <option>--all</option></term>
74 Display (or act on) faillog records for all users having an
75 entry in the <filename>faillog</filename> database.
80 <term><option>-h</option>, <option>--help</option></term>
82 <para>Display help message and exit.</para>
87 <option>-l</option>, <option>--lock-time</option>
88 <replaceable>SEC</replaceable>
92 Lock account for <replaceable>SEC</replaceable>
93 seconds after failed login.
96 Write access to <filename>/var/log/faillog</filename>
97 is required for this option.
103 <option>-m</option>, <option>--maximum</option>
104 <replaceable>MAX</replaceable>
108 Set the maximum number of login failures after the account is
109 disabled to <replaceable>MAX</replaceable>.
113 <replaceable>MAX</replaceable> value of 0 has the effect of not
114 placing a limit on the number of failed logins.
118 failure count should always be 0 for <emphasis>root</emphasis>
119 to prevent a denial of services attack against the system.
122 Write access to <filename>/var/log/faillog</filename>
123 is required for this option.
128 <term><option>-r</option>, <option>--reset</option></term>
131 Reset the counters of login failures.
134 Write access to <filename>/var/log/faillog</filename>
135 is required for this option.
140 <term><option>-t</option>, <option>--time</option>
141 <replaceable>DAYS</replaceable>
145 Display faillog records more recent than
146 <replaceable>DAYS</replaceable>.
152 <option>-u</option>, <option>--user</option>
153 <replaceable>LOGIN</replaceable>|<replaceable>RANGE</replaceable>
157 Display faillog record or maintains failure counters and limits
158 (if used with <option>-l</option>, <option>-m</option> or
159 <option>-r</option> options) only for the specified user(s).
162 The users can be specified by a login name, a numerical user
163 ID, or a <replaceable>RANGE</replaceable> of users. This
164 <replaceable>RANGE</replaceable> of users can be specified
165 with a min and max values
166 (<replaceable>UID_MIN-UID_MAX</replaceable>), a max value
167 (<replaceable>-UID_MAX</replaceable>), or a min value
168 (<replaceable>UID_MIN-</replaceable>).
175 When none of the <option>-l</option>, <option>-m</option>, or
176 <option>-r</option> options are used, <command>faillog</command>
177 displays the faillog record of the specified user(s).
180 NOTE: in display mode, only the records of users which currently
181 exist in the system are displayed. In the other modes (when the
182 <option>-l</option>, <option>-m</option>, or <option>-r</option>
183 options are used), the records of the user, or the range of users,
184 or all the users that may have an entry in the faillog database will
185 be changed. This is useful to reset records of users that have been
186 deleted or set a policy in advance for a range of users.
190 <refsect1 id='caveats'>
191 <title>CAVEATS</title>
193 <command>faillog</command> only prints out users with no successful
194 login since the last failure. To print out a user who has had a
195 successful login since their last failure, you must explicitly request
196 the user with the <option>-u</option> flag, or print out all users
197 with the <option>-a</option> flag.
201 <refsect1 id='files'>
205 <term><filename>/var/log/faillog</filename></term>
207 <para>Failure logging file.</para>
213 <refsect1 id='see_also'>
214 <title>SEE ALSO</title>
217 <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
220 <refentrytitle>faillog</refentrytitle><manvolnum>5</manvolnum>