summaryrefslogtreecommitdiff
path: root/man/faillog.8.xml
diff options
context:
space:
mode:
Diffstat (limited to 'man/faillog.8.xml')
-rw-r--r--man/faillog.8.xml270
1 files changed, 270 insertions, 0 deletions
diff --git a/man/faillog.8.xml b/man/faillog.8.xml
new file mode 100644
index 00000000..a6462124
--- /dev/null
+++ b/man/faillog.8.xml
@@ -0,0 +1,270 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright (c) 1989 - 1994, Julianne Frances Haugh
+ Copyright (c) 2007 - 2011, Nicolas François
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The name of the copyright holders or contributors may not be used to
+ endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!-- SHADOW-CONFIG-HERE -->
+]>
+<refentry id='faillog.8'>
+ <!-- $Id: faillog.8.xml 3742 2012-05-25 11:45:21Z nekral-guest $ -->
+ <refentryinfo>
+ <author>
+ <firstname>Julianne Frances</firstname>
+ <surname>Haugh</surname>
+ <contrib>Creation, 1989</contrib>
+ </author>
+ <author>
+ <firstname>Thomas</firstname>
+ <surname>Kłoczko</surname>
+ <email>kloczek@pld.org.pl</email>
+ <contrib>shadow-utils maintainer, 2000 - 2007</contrib>
+ </author>
+ <author>
+ <firstname>Nicolas</firstname>
+ <surname>François</surname>
+ <email>nicolas.francois@centraliens.net</email>
+ <contrib>shadow-utils maintainer, 2007 - now</contrib>
+ </author>
+ </refentryinfo>
+ <refmeta>
+ <refentrytitle>faillog</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
+ <refmiscinfo class="source">shadow-utils</refmiscinfo>
+ <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
+ </refmeta>
+ <refnamediv id='name'>
+ <refname>faillog</refname>
+ <refpurpose>display faillog records or set login failure limits</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv id='synopsis'>
+ <cmdsynopsis>
+ <command>faillog</command>
+ <arg choice='opt'>
+ <replaceable>options</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id='description'>
+ <title>DESCRIPTION</title>
+ <para>
+ <command>faillog</command> displays the contents of the failure log
+ database (<filename>/var/log/faillog</filename>). It can also
+ set the failure counters and limits. When
+ <command>faillog</command> is run without arguments, it only displays the
+ faillog records of the users who had a login failure.
+ </para>
+ </refsect1>
+
+ <refsect1 id='options'>
+ <title>OPTIONS</title>
+ <para>
+ The options which apply to the <command>faillog</command> command
+ are:
+ </para>
+ <variablelist remap='IP'>
+ <varlistentry>
+ <term><option>-a</option>, <option>--all</option></term>
+ <listitem>
+ <para>
+ Display (or act on) faillog records for all users having an
+ entry in the <filename>faillog</filename> database.
+ </para>
+ <para>
+ The range of users can be restricted with the
+ <option>-u</option> option.
+ </para>
+ <para>
+ In display mode, this is still restricted to existing users
+ but forces the display of the faillog entries even if they
+ are empty.
+ </para>
+ <para>
+ With the <option>-l</option>, <option>-m</option>,
+ <option>-r</option>, <option>-t</option> options, the users'
+ records are changed, even if the user does not exist on the
+ system. This is useful to reset records of users that have
+ been deleted or to set a policy in advance for a range of
+ users.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-h</option>, <option>--help</option></term>
+ <listitem>
+ <para>Display help message and exit.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-l</option>, <option>--lock-secs</option>
+ <replaceable>SEC</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Lock account for <replaceable>SEC</replaceable>
+ seconds after failed login.
+ </para>
+ <para>
+ Write access to <filename>/var/log/faillog</filename>
+ is required for this option.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-m</option>, <option>--maximum</option>
+ <replaceable>MAX</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Set the maximum number of login failures after the account is
+ disabled to <replaceable>MAX</replaceable>.
+ </para>
+ <para>
+ Selecting a
+ <replaceable>MAX</replaceable> value of 0 has the effect of not
+ placing a limit on the number of failed logins.
+ </para>
+ <para>
+ The maximum
+ failure count should always be 0 for <emphasis>root</emphasis>
+ to prevent a denial of services attack against the system.
+ </para>
+ <para>
+ Write access to <filename>/var/log/faillog</filename>
+ is required for this option.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-r</option>, <option>--reset</option></term>
+ <listitem>
+ <para>
+ Reset the counters of login failures.
+ </para>
+ <para>
+ Write access to <filename>/var/log/faillog</filename>
+ is required for this option.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-R</option>, <option>--root</option>
+ <replaceable>CHROOT_DIR</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Apply changes in the <replaceable>CHROOT_DIR</replaceable>
+ directory and use the configuration files from the
+ <replaceable>CHROOT_DIR</replaceable> directory.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-t</option>, <option>--time</option>
+ <replaceable>DAYS</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Display faillog records more recent than
+ <replaceable>DAYS</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-u</option>, <option>--user</option>
+ <replaceable>LOGIN</replaceable>|<replaceable>RANGE</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Display faillog record or maintains failure counters and limits
+ (if used with <option>-l</option>, <option>-m</option> or
+ <option>-r</option> options) only for the specified user(s).
+ </para>
+ <para>
+ The users can be specified by a login name, a numerical user
+ ID, or a <replaceable>RANGE</replaceable> of users. This
+ <replaceable>RANGE</replaceable> of users can be specified
+ with a min and max values
+ (<replaceable>UID_MIN-UID_MAX</replaceable>), a max value
+ (<replaceable>-UID_MAX</replaceable>), or a min value
+ (<replaceable>UID_MIN-</replaceable>).
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>
+ When none of the <option>-l</option>, <option>-m</option>, or
+ <option>-r</option> options are used, <command>faillog</command>
+ displays the faillog record of the specified user(s).
+ </para>
+ </refsect1>
+
+ <refsect1 id='caveats'>
+ <title>CAVEATS</title>
+ <para>
+ <command>faillog</command> only prints out users with no successful
+ login since the last failure. To print out a user who has had a
+ successful login since their last failure, you must explicitly request
+ the user with the <option>-u</option> flag, or print out all users
+ with the <option>-a</option> flag.
+ </para>
+ </refsect1>
+
+ <refsect1 id='files'>
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/var/log/faillog</filename></term>
+ <listitem>
+ <para>Failure logging file.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>faillog</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect1>
+</refentry>