version 1, including all changes.
.
| Rev |
Author |
# |
Line |
| 1 |
perry |
1 |
FAILLOG |
| |
|
2 |
!!!FAILLOG |
| |
|
3 |
NAME |
| |
|
4 |
SYNOPSIS |
| |
|
5 |
DESCRIPTION |
| |
|
6 |
CAVEATS |
| |
|
7 |
FILES |
| |
|
8 |
SEE ALSO |
| |
|
9 |
AUTHOR |
| |
|
10 |
---- |
| |
|
11 |
!!NAME |
| |
|
12 |
|
| |
|
13 |
|
| |
|
14 |
faillog - examine faillog and set login failure limits |
| |
|
15 |
!!SYNOPSIS |
| |
|
16 |
|
| |
|
17 |
|
| |
|
18 |
__faillog__ |
| |
|
19 |
|
| |
|
20 |
|
| |
|
21 |
[[__-u__ ''login-name''] [[__-a__] [[__-t__ |
| |
|
22 |
''days''] [[__-m__ ''max''] |
| |
|
23 |
[[__-pr__] |
| |
|
24 |
!!DESCRIPTION |
| |
|
25 |
|
| |
|
26 |
|
| |
|
27 |
__faillog__ formats the contents of the failure log, |
| |
|
28 |
''/var/log/faillog'', and maintains failure counts and |
| |
|
29 |
limits. The order of the arguments to __faillog__ is |
| |
|
30 |
significant. Each argument is processed immediately in the |
| |
|
31 |
order given. |
| |
|
32 |
|
| |
|
33 |
|
| |
|
34 |
The __-p__ flag causes failure entries to be printed in |
| |
|
35 |
UID order. Entering __-u__ ''login-name'' flag will |
| |
|
36 |
cause the failure record for ''login-name'' only to be |
| |
|
37 |
printed. Entering __-t__ ''days'' will cause only the |
| |
|
38 |
failures more recent than ''days'' to be printed. The |
| |
|
39 |
__-t__ flag overrides the use of __-u__. The __-a__ |
| |
|
40 |
flag causes all users to be selected. When used with the |
| |
|
41 |
__-p__ flag, this option selects all users who have ever |
| |
|
42 |
had a login failure. It is meaningless with the __-r__ |
| |
|
43 |
flag. |
| |
|
44 |
|
| |
|
45 |
|
| |
|
46 |
The __-r__ flag is used to reset the count of login |
| |
|
47 |
failures. Write access to ''/var/log/faillog'' is |
| |
|
48 |
required for this option. Entering __-u__ |
| |
|
49 |
''login-name'' will cause only the failure count for |
| |
|
50 |
''login-name'' to be reset. |
| |
|
51 |
|
| |
|
52 |
|
| |
|
53 |
The __-m__ flag is used to set the maximum number of |
| |
|
54 |
login failures before the account is disabled. Write access |
| |
|
55 |
to ''/var/log/faillog'' is required for this option. |
| |
|
56 |
Entering __-m__ ''max'' will cause all accounts to be |
| |
|
57 |
disabled after ''max'' failed logins occur. This may be |
| |
|
58 |
modified with __-u__ ''login-name'' to limit this |
| |
|
59 |
function to ''login-name'' only. Selecting a ''max'' |
| |
|
60 |
value of 0 has the effect of not placing a limit on the |
| |
|
61 |
number of failed logins. The maximum failure count should |
| |
|
62 |
always be 0 for __root__ to prevent a denial of services |
| |
|
63 |
attack against the system. |
| |
|
64 |
|
| |
|
65 |
|
| |
|
66 |
Options may be combined in virtually any fashion. Each |
| |
|
67 |
__-p__, __-r__, and __-m__ option will cause |
| |
|
68 |
immediate execution using any __-u__ or __-t__ |
| |
|
69 |
modifier. |
| |
|
70 |
!!CAVEATS |
| |
|
71 |
|
| |
|
72 |
|
| |
|
73 |
__faillog__ only prints out users with no successful |
| |
|
74 |
login since the last failure. To print out a user who has |
| |
|
75 |
had a successful login since their last failure, you must |
| |
|
76 |
explicitly request the user with the __-u__ flag, or |
| |
|
77 |
print out all users with the __-a__ flag. |
| |
|
78 |
|
| |
|
79 |
|
| |
|
80 |
Some systems may replace /var/log with /var/adm or |
| |
|
81 |
/usr/adm. |
| |
|
82 |
!!FILES |
| |
|
83 |
|
| |
|
84 |
|
| |
|
85 |
/var/log/faillog - failure logging file |
| |
|
86 |
!!SEE ALSO |
| |
|
87 |
|
| |
|
88 |
|
| |
|
89 |
login(1), faillog(5) |
| |
|
90 |
!!AUTHOR |
| |
|
91 |
|
| |
|
92 |
|
| |
|
93 |
Julianne Frances Haugh (jfh@austin.ibm.com) |
| |
|
94 |
---- |
