faillog Command in Linux



The faillog command in Linux displays the failed login records or sets the login failure limit for a user. It is used to display and manage the record of failed login attempts. It helps the system administrator understand the system's security by giving insights into unauthorized login attempts. The failed login attempts are logged to the /var/log/faillog file. It is also called a failed login record database.

Here is a comprehensive guide to the options available with the faillog command −

Syntax of faillog Command

The syntax of the Linux faillog command is as follows −

faillog [options]

The [options] field is used to specify the various options to perform a specific action, such as displaying records of a specific user, modifying the maximum login attempts, or resetting the failed login attempts counter.

faillog Command Options

The options of the faillog command are listed in the table below −

Option                    Description
-a (--all)                Displays faillog records of all users, including system users
-l (--lock-secs) sec      Sets the number of seconds for which the account is locked after a failed login
-m (--maximum) max        Sets the maximum number of failed login attempts after which the account is disabled
-r (--reset)              Resets the failure count of a specific user
-t (--time) days          Displays faillog records more recent than the specified number of days
-u (--user) username      Specifies the username
-h (--help)               Displays brief help for the command

Examples of faillog Command in Linux

This section demonstrates the usage of the faillog command in Linux with examples −

  • Displaying Faillog Records of All Users
  • Displaying Faillog Records of a Specific User
  • Setting the Maximum Number of Login Failures
  • Locking an Account After a Specific Time
  • Resetting Login Failure Counters
  • Displaying Records More Recent than Specified Days
  • Displaying Help

Displaying Faillog Records of All Users

To display the faillog records or failed login attempts of all users, use the -a or --all options with the faillog command −

faillog -a

It will even display the faillog records of system users.

Note that the faillog records are stored in the /var/log/faillog file. If it does not exist, create it.

Displaying Faillog Records of a Specific User

To display faillog records of a specific user, use the -u or --user option with the user’s name −

faillog -u john

Setting the Maximum Number of Login Failures

To set the maximum number of failed login attempts after which the account will be locked, use the -m or --maximum option. For example, to set the maximum number of login attempts for user john to 10, use −

sudo faillog -m 10 -u john

Verify it by checking the faillog record of user john with the -u option.

Locking an Account After a Specific Time

To lock an account for a specific time after maximum failed login attempts, use the -l or --lock-secs option. For example, to lock an account named john for 30 seconds, use −

sudo faillog -l 30 -u john

This operation requires sudo privileges.

To verify, check the faillog record of the user with the -u option.

Resetting Login Failure Counters

To reset all the login failure counters of a specific user, use the -r or --reset options −

sudo faillog -ru john

Displaying Records More Recent than Specified Days

To display the faillog records more recent than a specified number of days, use the -t or --time option. For example, to display the faillog record from the last 6 days, use −

sudo faillog -t 6 -u john

Displaying Help

To display help related to the faillog command, use the -h or --help options −

faillog -h

Conclusion

The faillog command in Linux is used to display the number of failed login attempts and manage it. It is a powerful tool to monitor the security of a system.

The faillog command keeps the record of failed attempts to access the account. It helps system administrators identify unauthorized attempts.

The faillog record is saved in the /var/log/faillog file. It is a binary file. The faillog command interprets it and displays the information in a human-readable format.
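The binary records that the faillog command interprets can also be decoded directly, which is useful when reviewing a copy of the file taken from another host. This is an added example, not part of the original tutorial or of the faillog source code. It assumes the record layout of struct faillog from shadow-utils as compiled for 64-bit little-endian Linux, with one record per UID; the sample bytes, the UIDs 1000 and 1001, and the at_limit flag are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: struct faillog from shadow-utils' faillog.h as compiled for
# 64-bit little-endian Linux: short fail_cnt, short fail_max,
# char fail_line[12], time_t fail_time, long fail_locktime (32 bytes).
RECORD = struct.Struct("<hh12sqq")


def parse_faillog(data):
    """Return one dict per UID slot that holds a failure count or a limit."""
    records = []
    for uid in range(len(data) // RECORD.size):
        cnt, maximum, line, when, lock = RECORD.unpack_from(data, uid * RECORD.size)
        if not (cnt or maximum or lock):
            continue  # untouched slot: the file is indexed by UID and sparse
        records.append({
            "uid": uid,
            "failures": cnt,
            "maximum": maximum,      # limit set with -m
            "lock_secs": lock,       # lock time set with -l
            "line": line.split(b"\0", 1)[0].decode("ascii", "replace"),
            "latest": datetime.fromtimestamp(when, timezone.utc) if when else None,
            # Illustrative flag: the counter has reached a non-zero limit.
            "at_limit": maximum > 0 and cnt >= maximum,
        })
    return records


def build_sample():
    """Constructed sample: two records at hypothetical UIDs 1000 and 1001."""
    data = bytearray(RECORD.size * 1002)
    RECORD.pack_into(data, 1000 * RECORD.size, 3, 10, b"pts/0", 1700000000, 30)
    RECORD.pack_into(data, 1001 * RECORD.size, 5, 5, b"tty1", 1700000600, 0)
    return bytes(data)


if __name__ == "__main__":
    # On a real host, read /var/log/faillog in binary mode instead of the sample.
    for rec in parse_faillog(build_sample()):
        print(rec)
```

On a 32-bit build the field widths differ, so the format string has to be adjusted before the offsets line up.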

In this tutorial, we explained the faillog command, its syntax, and its usage in Linux through various examples.
