faillock(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | FILES | SEE ALSO | AUTHOR | COLOPHON

FAILLOCK(8)                 Linux-PAM Manual                 FAILLOCK(8)

NAME         top

       faillock - Tool for displaying and modifying the authentication
       failure record files

SYNOPSIS         top


       faillock [--dir /path/to/tally-directory] [--user username]
                [--reset]

DESCRIPTION         top

       The pam_faillock.so module maintains a list of failed
       authentication attempts per user during a specified interval and
       locks the account in case there were more than deny consecutive
       failed authentications. It stores the failure records into
       per-user files in the tally directory.

       The faillock command is an application which can be used to
       examine and modify the contents of the tally files. It can
       display the recent failed authentication attempts of the username
       or clear the tally files of all or individual usernames.

OPTIONS         top

       --conf /path/to/config-file
           The file where the configuration is located. The default is
           /etc/security/faillock.conf.

       --dir /path/to/tally-directory
           The directory where the user files with the failure records
           are kept.

           The priority to set this option is to use the value provided
           from the command line. If this isn't provided, then the value
           from the configuration file is used. Finally, if neither of
           them has been provided, then /var/run/faillock is used.

       --user username
           The user whose failure records should be displayed or
           cleared.

       --reset
           Instead of displaying the user's failure records, clear them.

FILES         top

       /var/run/faillock/*
           the files logging the authentication failures for users

SEE ALSO         top

       pam_faillock(8), pam(8)

AUTHOR         top

       faillock was written by Tomas Mraz.

COLOPHON         top

       This page is part of the linux-pam (Pluggable Authentication
       Modules for Linux) project.  Information about the project can be
       found at ⟨http://www.linux-pam.org/⟩.  If you have a bug report
       for this manual page, see ⟨//www.linux-pam.org/⟩.  This page was
       obtained from the project's upstream Git repository
       ⟨https://github.com/linux-pam/linux-pam.git⟩ on 2023-12-22.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-12-18.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

Linux-PAM Manual               12/22/2023                    FAILLOCK(8)

Pages that refer to this page: faillock.conf(5)pam_faillock(8)