“faillock” is a command-line tool in Linux-based systems that allows users to display and modify the authentication failure record files, also known as the “faillog” file. The faillog file keeps track of the number of failed login attempts for each user on the system, and is used as part of the authentication process to prevent brute-force attacks.
The “faillock” command can be used to display the contents of the faillog file, including the username, the number of failed login attempts, and the date of the last failed attempt. It can also be used to lock or unlock a user account, based on the number of failed login attempts. For example, if a user has exceeded a certain number of failed login attempts, the “faillock” command can be used to lock their account, preventing them from logging in until an administrator unlocks it.
Additionally, using the faillock command with the appropriate options, an administrator can also clear the faillog file, or set the maximum number of failed login attempts before an account is locked.
If you encounter the below error while running the command faillock:
faillock: command not found
you may try installing the below package as per your choice of distribution:
| Distribution | Command |
|---|---|
| Arch Linux | pacman -S pam |
| CentOS | yum install pam |
| Fedora | dnf install pam |
faillock Command Examples
1. List login failures of all users:
# sudo faillock
2. List login failures of the specified user:
# sudo faillock --user user
3. Reset the failure records of the specified user:
# sudo faillock --user user --reset