• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

CentOS / RHEL 5 : How to use the faillog command to track failed login attempts

by admin

The failog command formats and displays the contents of the failure log (/var/log/faillog) and maintains failure counts and limits. The faillog functionality has to be enabled by adding the pam_tally.so module to the respective file in /etc/pam.d/. Below are the steps to setup the faillog utility to track failed login attempts.

1. Edit the /etc/pam.d/system-auth file and add the following lines:

# vi /etc/pam.d/system-auth
auth      required     pam_tally.so no_magic_root
account   required     pam_tally.so deny=2 no_magic_root

2. Test the configuration by attempting to login as a normal user, but using a wrong password. Verify the failed count increments by running the command:

# faillog -u [username]

For Example,

# faillog
Login    Failures      Maximum      Latest                        On
geek     1             2            05/24/17 15:39:35 +0200       /dev/tty2

The faillog command prints out only users with no successful login since the last failure. To print out a user who has had a successful login since his last failure, you must explicitly request the user with the -u option.

3. The failed login is recorded in /var/log/faillog in some specific binary format by default, and the utility faillog only can parse /var/log/faillog to get the failed logins. We don’t have any option to make faillog to read logs in other places.

4. To grant access again to a user who had more failures than the limit, enter:

# faillog -r [user]

You can also use pam_tally commands to do the same – to display the number of failed attempts:

# pam_tally --user [username]

And to reset the count:

# pam_tally --user [username] --reset[=n]

Filed Under: CentOS/RHEL 5, Linux

Some more articles you might also be interested in …

  1. legit: command not found
  2. quotaon command examples in Linux
  3. How to Configure an NFSv4-only Client using nfsconf in CentOS/RHEL 8
  4. swapon and swapoff Command Examples in Linux
  5. “shutdown” Command Examples in Linux
  6. CentOS / RHEL 7 : How to disable IPv6 on a specific interface only
  7. losetup Command Examples in Linux
  8. a2dismod: command not found
  9. CentOS / RHEL 7 : How to remove rescue image using grubby
  10. How to Check vendor of installed RPM packages in Linux

You May Also Like

Primary Sidebar

Recent Posts

  • protonvpn-cli Command Examples in Linux
  • protonvpn-cli connect Command Examples
  • procs Command Examples in Linux
  • prlimit: command not found

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright