Forrest logo
tool overview
On this page you find all important commands for the CLI tool faillock. If the command you are looking for is missing please ask our AI.


Faillock is a command line tool used in Linux systems to manage authentication failures and implement account lockouts. It helps in preventing unauthorized access to user accounts by locking them after a certain number of failed login attempts.

  1. Faillock is primarily used to enhance the security of user accounts by enforcing account lockouts.
  2. It keeps track of failed login attempts and locks the account based on a pre-defined policy.
  3. The tool can be configured to lock user accounts for a specific time period or until manual intervention.
  4. It provides an effective defense against brute force attacks or automated script-based login attempts.
  5. Faillock utilizes Pluggable Authentication Modules (PAM) to monitor and manage authentication failures.
  6. Account lockouts can be configured to expire after a certain period, allowing users to regain access automatically after the lockout duration.
  7. Administrators can easily configure and customize the threshold for failed login attempts before an account gets locked.
  8. It offers logging capabilities, allowing administrators to review and monitor failed login attempts.
  9. Faillock also provides an option to unlock the user account manually before the lockout duration ends.
  10. By utilizing Faillock, system administrators can strengthen the security of user accounts, reduce the risk of unauthorized access, and mitigate potential security threats.

List of commands for faillock:

  • faillock:tldr:41ccc faillock: List login failures of all users.
    $ sudo faillock
    try on your machine
    explain this command
  • faillock:tldr:a488c faillock: Reset the failure records of the specified user.
    $ sudo faillock --user ${user} --reset
    try on your machine
    explain this command
  • faillock:tldr:b8d71 faillock: List login failures of the specified user.
    $ sudo faillock --user ${user}
    try on your machine
    explain this command
tool overview