/var/log/faillog is a log file for failed login attempts. It maintains a count of login failures and the limits for each account. The file consists of fixed-length records, indexed by numerical ID. Each record contains the count of login failures since the last successful login; the maximum number of failures before the account is disabled; the line the last login failure occurred on; and the date the last login failure occurred. Since the data is in binary format, you need to use the faillog command to display failed login attempts.
faillog [options]
Options:
  -a, --all                     display faillog records for all users
  -h, --help                    display this help message and exit
  -l, --lock-secs SEC           after failed login lock account for SEC seconds
  -m, --maximum MAX             set maximum failed login counters to MAX
  -r, --reset                   reset the counters of login failures
  -R, --root CHROOT_DIR         directory to chroot into
  -t, --time DAYS               display faillog records more recent than DAYS
  -u, --user LOGIN/RANGE        display faillog record or maintains failure
                                counters and limits (if used with -r, -m,
                                or -l) only for the specified LOGIN(s)
How do I use faillog?
To display failed login attempts for user root, use the following command:
$ faillog -u root
Sample output:
faillog -u root
Login       Failures Maximum Latest                   On
root            0        0   01/01/70 05:30:00 +0530
To display all failed login attempts, try:
$ faillog -a
faillog -a
Login       Failures Maximum Latest                   On
root            0        0   01/01/70 05:30:00 +0530
daemon          0        0   01/01/70 05:30:00 +0530
bin             0        0   01/01/70 05:30:00 +0530
sys             0        0   01/01/70 05:30:00 +0530
sync            0        0   01/01/70 05:30:00 +0530
games           0        0   01/01/70 05:30:00 +0530
man             0        0   01/01/70 05:30:00 +0530
lp              0        0   01/01/70 05:30:00 +0530
mail            0        0   01/01/70 05:30:00 +0530
news            0        0   01/01/70 05:30:00 +0530
uucp            0        0   01/01/70 05:30:00 +0530
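The fixed-length, ID-indexed record layout described at the top of this page can also be read directly, for example when reviewing a copy of the file taken from another host. The following is an added example, not part of the original post or of shadow-utils. It assumes the struct faillog layout used by shadow-utils on 64-bit Linux (32-byte records); the names parse_faillog, over_limit and sample_file are hypothetical.

```python
import struct
from datetime import datetime, timezone

# Assumption: record layout of struct faillog in shadow-utils on 64-bit Linux:
#   short fail_cnt; short fail_max; char fail_line[12];
#   time_t fail_time; long fail_locktime;   -> 32 bytes, native byte order
RECORD = struct.Struct("=hh12sqq")
BLANK = bytes(RECORD.size)


def parse_faillog(data):
    """Yield a dict for every non-empty record; the record index is the UID."""
    usable = len(data) - len(data) % RECORD.size  # ignore a truncated tail
    for off in range(0, usable, RECORD.size):
        raw = data[off:off + RECORD.size]
        if raw == BLANK:
            continue  # sparse slot: nothing recorded for this UID
        cnt, maximum, line, when, lock = RECORD.unpack(raw)
        yield {
            "uid": off // RECORD.size,
            "failures": cnt,
            "maximum": maximum,
            "line": line.split(b"\0", 1)[0].decode("ascii", "replace"),
            "latest": datetime.fromtimestamp(when, timezone.utc),
            "lock_secs": lock,
        }


def over_limit(records):
    """UIDs whose failure count has reached a non-zero maximum."""
    return [r["uid"] for r in records
            if r["maximum"] > 0 and r["failures"] >= r["maximum"]]


def sample_file():
    """Constructed sample: UID 0 with 2 failures, UID 3 at its limit of 5."""
    rec0 = RECORD.pack(2, 0, b"tty1", 1700000000, 0)
    rec3 = RECORD.pack(5, 5, b"pts/0", 1700000600, 300)
    return rec0 + BLANK * 2 + rec3 + b"\x00" * 7  # 7 stray bytes at the end


if __name__ == "__main__":
    # On a real host: data = open("/var/log/faillog", "rb").read()
    for rec in parse_faillog(sample_file()):
        print(rec)
```

A maximum of 0 means no limit is set for that account, which is why over_limit ignores such records.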