<?xml version="1.0" encoding="UTF-8"?>
<refentry id='faillog.8'>
  <!--  $Id$ -->
  <refmeta>
    <refentrytitle>faillog</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>faillog</refname>
    <refpurpose>display faillog records or set login failure limits</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>faillog</command>
      <arg choice='opt'>
	<replaceable>options</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>faillog</command> formats the contents of the failure log
      from <filename>/var/log/faillog</filename> database. It also can be
      used for maintains failure counters and limits. Run
      <command>faillog</command> without arguments display only list of user
      faillog records who have ever had a login failure.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>faillog</command> command
      are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term><option>-a</option>, <option>--all</option></term>
	<listitem>
	  <para>Display faillog records for all users.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-h</option>, <option>--help</option></term>
	<listitem>
	  <para>Display help message and exit.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-l</option>, <option>--lock-time</option>
	  <replaceable>SEC</replaceable>
	</term>
	<listitem>
	  <para>
	    Lock account to <replaceable>SEC</replaceable>
	    seconds after failed login.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-m</option>, <option>--maximum</option>
	  <replaceable>MAX</replaceable>
	</term>
	<listitem>
	  <para>
	    Set maximum number of login failures after the account is
	    disabled to <replaceable>MAX</replaceable>. Selecting
	    <replaceable>MAX</replaceable> value of 0 has the effect of not
	    placing a limit on the number of failed logins. The maximum
	    failure count should always be 0 for <emphasis>root</emphasis>
	    to prevent a denial of services attack against the system.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-r</option>, <option>--reset</option></term>
	<listitem>
	  <para>
	    Reset the counters of login failures or one record if used with
	    the <option>-u</option> <replaceable>LOGIN</replaceable>
	    option. Write access to <filename>/var/log/faillog</filename>
	    is required for this option.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-t</option>, <option>--time</option>
	<replaceable>DAYS</replaceable>
	</term>
	<listitem>
	  <para>
	    Display faillog records more recent than
	    <replaceable>DAYS</replaceable>. The <option>-t</option>
	    flag overrides the use of <option>-u</option>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-u</option>, <option>--user</option> <replaceable>LOGIN</replaceable>
	</term>
	<listitem>
	  <para>
	    Display faillog record or maintains failure counters and limits
	    (if used with <option>-l</option>, <option>-m</option> or
	    <option>-r</option> options) only for user with
	    <replaceable>LOGIN</replaceable>.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      <command>faillog</command> only prints out users with no successful
      login since the last failure. To print out a user who has had a
      successful login since their last failure, you must explicitly request
      the user with the <option>-u</option> flag, or print out all users
      with the <option>-a</option> flag.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/var/log/faillog</filename></term>
	<listitem>
	  <para>Failure logging file.</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>faillog</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>