granicus.if.org Git - shadow/blob - man/faillog.8.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2 <refentry id='faillog.8'>
   3   <!--  $Id: faillog.8.xml,v 1.21 2006/05/28 16:17:36 kloczek Exp $ -->
   4   <refmeta>
   5     <refentrytitle>faillog</refentrytitle>
   6     <manvolnum>8</manvolnum>
   7     <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
   8   </refmeta>
   9   <refnamediv id='name'>
  10     <refname>faillog</refname>
  11     <refpurpose>display faillog records or set login failure limits</refpurpose>
  12   </refnamediv>
  13
  14   <refsynopsisdiv id='synopsis'>
  15     <cmdsynopsis>
  16       <command>faillog</command>
  17       <arg choice='opt'>
  18         <replaceable>options</replaceable>
  19       </arg>
  20     </cmdsynopsis>
  21   </refsynopsisdiv>
  22
  23   <refsect1 id='description'>
  24     <title>DESCRIPTION</title>
  25     <para>
  26       <command>faillog</command> formats the contents of the failure log
  27       from <filename>/var/log/faillog</filename> database. It also can be
  28       used for maintains failure counters and limits. Run
  29       <command>faillog</command> without arguments display only list of user
  30       faillog records who have ever had a login failure.
  31     </para>
  32   </refsect1>
  33
  34   <refsect1 id='options'>
  35     <title>OPTIONS</title>
  36     <para>
  37       The options which apply to the <command>faillog</command> command
  38       are:
  39     </para>
  40     <variablelist remap='IP'>
  41       <varlistentry>
  42         <term><option>-a</option>, <option>--all</option></term>
  43         <listitem>
  44           <para>Display faillog records for all users.</para>
  45         </listitem>
  46       </varlistentry>
  47       <varlistentry>
  48         <term><option>-h</option>, <option>--help</option></term>
  49         <listitem>
  50           <para>Display help message and exit.</para>
  51         </listitem>
  52       </varlistentry>
  53       <varlistentry>
  54         <term>
  55           <option>-l</option>, <option>--lock-time</option>
  56           <replaceable>SEC</replaceable>
  57         </term>
  58         <listitem>
  59           <para>
  60             Lock account to <replaceable>SEC</replaceable>
  61             seconds after failed login.
  62           </para>
  63         </listitem>
  64       </varlistentry>
  65       <varlistentry>
  66         <term>
  67           <option>-m</option>, <option>--maximum</option>
  68           <replaceable>MAX</replaceable>
  69         </term>
  70         <listitem>
  71           <para>
  72             Set maximum number of login failures after the account is
  73             disabled to <replaceable>MAX</replaceable>. Selecting
  74             <replaceable>MAX</replaceable> value of 0 has the effect of not
  75             placing a limit on the number of failed logins. The maximum
  76             failure count should always be 0 for <emphasis>root</emphasis>
  77             to prevent a denial of services attack against the system.
  78           </para>
  79         </listitem>
  80       </varlistentry>
  81       <varlistentry>
  82         <term><option>-r</option>, <option>--reset</option></term>
  83         <listitem>
  84           <para>
  85             Reset the counters of login failures or one record if used with
  86             the <option>-u</option> <replaceable>LOGIN</replaceable>
  87             option. Write access to <filename>/var/log/faillog</filename>
  88             is required for this option.
  89           </para>
  90         </listitem>
  91       </varlistentry>
  92       <varlistentry>
  93         <term><option>-t</option>, <option>--time</option>
  94         <replaceable>DAYS</replaceable>
  95         </term>
  96         <listitem>
  97           <para>
  98             Display faillog records more recent than
  99             <replaceable>DAYS</replaceable>. The <option>-t</option>
 100             flag overrides the use of <option>-u</option>.
 101           </para>
 102         </listitem>
 103       </varlistentry>
 104       <varlistentry>
 105         <term>
 106           <option>-u</option>, <option>--user</option> <replaceable>LOGIN</replaceable>
 107         </term>
 108         <listitem>
 109           <para>
 110             Display faillog record or maintains failure counters and limits
 111             (if used with <option>-l</option>, <option>-m</option> or
 112             <option>-r</option> options) only for user with
 113             <replaceable>LOGIN</replaceable>.
 114           </para>
 115         </listitem>
 116       </varlistentry>
 117     </variablelist>
 118   </refsect1>
 119
 120   <refsect1 id='caveats'>
 121     <title>CAVEATS</title>
 122     <para>
 123       <command>faillog</command> only prints out users with no successful
 124       login since the last failure. To print out a user who has had a
 125       successful login since their last failure, you must explicitly request
 126       the user with the <option>-u</option> flag, or print out all users
 127       with the <option>-a</option> flag.
 128     </para>
 129   </refsect1>
 130
 131   <refsect1 id='files'>
 132     <title>FILES</title>
 133     <variablelist>
 134       <varlistentry>
 135         <term><filename>/var/log/faillog</filename></term>
 136         <listitem>
 137           <para>Failure logging file.</para>
 138         </listitem>
 139       </varlistentry>
 140     </variablelist>
 141   </refsect1>
 142
 143   <refsect1 id='see_also'>
 144     <title>SEE ALSO</title>
 145     <para>
 146       <citerefentry>
 147         <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
 148       </citerefentry>,
 149       <citerefentry>
 150         <refentrytitle>faillog</refentrytitle><manvolnum>5</manvolnum>
 151       </citerefentry>.
 152     </para>
 153   </refsect1>
 154 </refentry>