Syspirit
Passwd & Faillock

Managing locked accounts & passwords on Linux!

Linux
Published on

Managing user accounts, expired passwords, locking and unlocking on a hardened Linux system.

👤 Account Information

📋 View complete account status

sudo chage -l username

✅ Check password status

sudo passwd -S username
# 2nd field: "L" (older shadow-utils print "LK") = locked, "P" (or "PS") = usable password, "NP" = no password

⚙️ View system policies

# The file is world-readable; the PASS_* lines are the ones that matter here
grep -E '^PASS_(MAX|MIN|WARN)' /etc/login.defs
 
# Important parameters (defaults applied when an account is created; existing accounts keep their own chage values):
# PASS_MAX_DAYS   90    # Maximum password age (days)
# PASS_MIN_DAYS   1     # Minimum days between two password changes
# PASS_WARN_AGE   7     # Days of warning before the password expires

🔒 Account Locking

Two types of locking:

🔒 Lock via passwd -l (manual)

  • Prefixes the hash in /etc/shadow with "!" (usermod -L does the same)
  • Password authentication fails for the user, but any other credential still works: with UsePAM enabled, sshd leaves the locked-hash check to PAM, so an SSH key still logs in
  • Stays locked until passwd -u; to disable the account itself, also expire it (usermod --expiredate 1, as passwd(1) recommends)

⚠️ Lock via faillock (automatic)

  • pam_faillock, a PAM module that counts failed authentications per user across every PAM-using service (login, sshd, sudo, ...)
  • Locks the user once failures reach the configured threshold; the lock lifts after unlock_time, or only on manual reset when unlock_time is 0
  • Protection against online brute-force and password-spraying attacks

🛠️ Lock Management

🔒 Lock/Unlock a user

# Lock
sudo passwd -l username
 
# Unlock
sudo passwd -u username

❗ Manage login failures (faillock)

# View user's failures
sudo faillock --user username
 
# Reset failures (unlock)
sudo faillock --user username --reset
 
# View all users with failures
sudo faillock

⚙️ Faillock Configuration

📜 System configuration

# View configuration
sudo cat /etc/security/faillock.conf

Main parameters:

audit               # Also record attempts against user names that do not exist (spots enumeration)
silent              # Do not tell the user why authentication failed or that they are locked out
deny = 3            # Lock after 3 consecutive failures
fail_interval = 900 # Window in seconds (15 min) within which the failures must fall to count together
unlock_time = 0     # 0 or "never" = locked until faillock --reset; any other value = seconds until automatic unlock (default 600)

Root is exempt unless even_deny_root is set (root_unlock_time then bounds its lockout). The file only takes effect when pam_faillock is present in the PAM stack: RHEL-family systems enable it through authselect, while Debian/Ubuntu require adding it to /etc/pam.d/common-auth by hand.
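The three numeric settings interact in a way that is easy to misjudge, so here is an added example (not code from this page, nor from pam_faillock itself) that re-implements the lockout decision in POSIX shell and awk over a constructed faillock.conf and a constructed `faillock --user alice` tally. The user name, timestamps and addresses are invented for the demonstration, and anchoring the fail_interval window on the most recent failure is this example's reading of pam_faillock(8), stated as an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): re-create pam_faillock's lockout
# decision from a faillock.conf and a "faillock --user" tally, so that the
# interplay of deny, fail_interval and unlock_time can be checked offline.
# Both inputs are constructed sample data, not captured from a real host.

# Constructed /etc/security/faillock.conf with the settings discussed above.
FAILLOCK_CONF='
# comments and blank lines are ignored; spacing around "=" is allowed
audit
silent
deny = 3
fail_interval = 900
unlock_time = 0
'

# Constructed "faillock --user alice" output. Columns mirror the real tool:
# date, time, type (RHOST/TTY/SVC), source, and V(alid) or I(nvalid).
FAILLOCK_TALLY='alice:
When                Type  Source                                           Valid
2024-05-01 09:00:00 RHOST 203.0.113.5                                      I
2024-05-01 10:00:00 RHOST 203.0.113.5                                      V
2024-05-01 10:05:00 RHOST 203.0.113.5                                      V
2024-05-01 10:10:00 TTY   tty1                                             V
'

# conf_value KEY DEFAULT: read one setting from $FAILLOCK_CONF. The defaults
# passed in below are pam_faillock's own (deny=3, fail_interval=900, unlock_time=600).
conf_value() {
    printf '%s\n' "$FAILLOCK_CONF" | awk -v key="$1" -v def="$2" '
        { sub(/#.*/, "") }
        /^[ \t]*$/ { next }
        split($0, kv, "=") == 2 {
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (kv[1] == key) val = kv[2]
        }
        END { print (val == "" ? def : val) }'
}

# Shared awk helper: epoch(date, time) turns a UTC "YYYY-MM-DD" "HH:MM:SS" pair
# into seconds since 1970-01-01 with plain arithmetic (days_from_civil), so the
# example does not depend on GNU "date -d".
EPOCH_AWK='
function epoch(date, time,    d, t, y, m, dd, era, yoe, doy, doe) {
    split(date, d, "-"); split(time, t, ":")
    y = d[1] + 0; m = d[2] + 0; dd = d[3] + 0
    if (m <= 2) y--
    era = int(y / 400); yoe = y - era * 400
    doy = int((153 * (m + (m > 2 ? -3 : 9)) + 2) / 5) + dd - 1
    doe = yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
    return (era * 146097 + doe - 719468) * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
}
'

# to_epoch "YYYY-MM-DD HH:MM:SS": shell wrapper around the helper above.
to_epoch() {
    printf '%s\n' "$1" | awk "$EPOCH_AWK"'{ print epoch($1, $2) }'
}

# faillock_would_deny "YYYY-MM-DD HH:MM:SS": would pam_faillock refuse alice at
# that instant? Rules, following pam_faillock(8):
#   - only V entries count, and only those within fail_interval of the most
#     recent failure (anchoring on the latest failure is this example's assumption);
#   - reaching deny failures locks the user;
#   - unlock_time=0 (or "never") keeps the lock until "faillock --reset",
#     otherwise it lapses unlock_time seconds after the latest failure.
# Prints the verdict and returns 1 when login would be refused, 0 otherwise.
faillock_would_deny() {
    printf '%s\n' "$FAILLOCK_TALLY" | awk \
        -v nowstr="$1" \
        -v deny="$(conf_value deny 3)" \
        -v interval="$(conf_value fail_interval 900)" \
        -v unlock="$(conf_value unlock_time 600)" "$EPOCH_AWK"'
        BEGIN {
            split(nowstr, p, " "); now = epoch(p[1], p[2])
            if (unlock == "never") unlock = 0
        }
        NF == 5 && $5 == "V" {
            ts = epoch($1, $2)
            if (ts <= now) { v[++k] = ts; if (ts > latest) latest = ts }
        }
        END {
            for (i = 1; i <= k; i++) if (v[i] + interval >= latest) n++
            locked = (n >= deny + 0) && (unlock + 0 == 0 || now < latest + unlock)
            printf "%s (%d failures in window)\n", locked ? "LOCKED" : "ALLOWED", n
            exit (locked ? 1 : 0)
        }'
}

# Demo against the constructed data; "|| :" keeps a LOCKED verdict (exit 1)
# from aborting a script run under set -e.
faillock_would_deny "2024-05-01 10:12:00" || :
```

With the page's settings (deny 3, 15 minute window, no automatic unlock) alice is locked at 10:12 and stays locked until someone runs faillock --reset; shortening fail_interval to 300 seconds leaves only two failures in the window and lets her in, and setting unlock_time to 600 makes the lock lapse ten minutes after the last failure. Edit FAILLOCK_CONF and the timestamp in the demo call to try those variations.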

⏰ Expiration Management

🔧 Modify expiration settings

# Expiration at 90 days, warning 7 days before
sudo chage -M 90 -W 7 username
 
# Force change at next login
sudo chage -d 0 username
 
# Disable password expiry (no maximum age)
sudo chage -M -1 username

Useful parameters:

  • -M: Maximum password age in days (-1 = never expires)
  • -W: Days of warning before the password expires
  • -I: Days of inactivity after the password expires before the account is locked (-1 = never)
  • -E: Account expiration date (YYYY-MM-DD, -1 = never); no login of any kind after that date
  • -d: Date of the last password change (YYYY-MM-DD); 0 forces a change at next login
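To see what these options actually write, here is an added example (not from the original page) that decodes constructed /etc/shadow entries the way passwd -S and chage -l report them, at a fixed "today". The user names, day numbers and placeholder hashes are invented for the demonstration; the field meanings follow shadow(5).

```shell
#!/bin/sh
# Added example (not from the original page): decode /etc/shadow aging fields
# the way "passwd -S" and "chage -l" do, to show what the chage options above
# actually write. The entries are constructed; the hashes are placeholders.
# Field order: login:hash:lastchg:min:max:warn:inactive:expire:reserved,
# with all day values counted from 1970-01-01.

SHADOW_SAMPLE='alice:$6$salt$FAKEHASH:19800:1:90:7:14::
bob:!$6$salt$FAKEHASH:19800:1:90:7:14::
carol:$6$salt$FAKEHASH:0:1:90:7:14::
dave:$6$salt$FAKEHASH:19600:1:90:7:14::
erin:$6$salt$FAKEHASH:19800:1:90:7::19850
frank:*:19800:0:99999:7:::
grace::19800:0:99999:7:::
hank:$6$salt$FAKEHASH:19765:1:90:7:14::
ivan:$6$salt$FAKEHASH:19750:1:90:7:::'

# shadow_status USER [TODAY]: print "<user> <passwd -S flag> <aging state>"
# for TODAY given in days since the epoch (defaults to the current day).
# Order of checks mirrors what stops a login first: account expiry (-E),
# forced change (-d 0), "never" aging, then the -M / -W / -I window.
shadow_status() {
    today=${2:-$(( $(date -u +%s) / 86400 ))}
    printf '%s\n' "$SHADOW_SAMPLE" | awk -F: -v user="$1" -v today="$today" '
        $1 != user { next }
        {
            hash = $2; last = $3; max = $5; warn = $6; inact = $7; expire = $8
            # passwd -S column 2: NP = no password, L = "!" or "*" prefix, P = usable hash
            if (hash == "") flag = "NP"
            else if (hash ~ /^[!*]/) flag = "L"
            else flag = "P"

            if (expire != "" && expire > 0 && today >= expire)
                state = "account-expired (chage -E date reached; no login at all)"
            else if (last == "")
                state = "no password aging (chage -l reports never)"
            else if (last == 0)
                state = "must-change (chage -d 0; new password required at next login)"
            else if (max == "" || max < 0 || max >= 10000)
                state = "no password aging (chage -l reports never)"
            else if (today < last + max) {
                left = last + max - today
                state = ((warn != "" && left <= warn) ? "warn" : "ok") " (password expires in " left " days)"
            }
            else if (inact != "" && inact >= 0 && today >= last + max + inact)
                state = "inactive-locked (password expired " today - last - max " days ago, -I delay elapsed)"
            else
                state = "expired (password expired " today - last - max " days ago; change required)"
            print $1, flag, state; found = 1
        }
        END { if (!found) { print user, "?", "not in sample"; exit 1 } }'
}

# Demo: today fixed at 19851 (2024-05-08) so the output is reproducible.
for u in alice bob carol dave erin frank grace hank ivan; do shadow_status "$u" 19851; done
```

Two things worth noticing in the output: bob is reported as "L" even though his password aging is healthy, because the lock flag lives in the hash field and is independent of the dates, and dave is locked by the -I delay rather than by passwd -l, which is why passwd -u does nothing for him and chage -l has to be consulted.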

📜 Logs and Monitoring

🔍 View login logs

# Authentication log (Debian/Ubuntu; RHEL-family systems write /var/log/secure, journal-only systems keep it in journalctl)
sudo grep username /var/log/auth.log
 
# Follow new entries as they arrive
sudo tail -f /var/log/auth.log
 
# Search for login failures
sudo grep "Failed password" /var/log/auth.log

📊 Last logins

# Last successful logins (read from /var/log/wtmp)
last username
 
# Failed login attempts (read from /var/log/btmp, which only root can read)
sudo lastb username
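As an added example (not from the original page), the following script runs simple detection logic over sshd log lines of the kind the greps above return: failures per source, sources probing accounts that do not exist, and successful logins that followed failures from the same address. The host name, user names, PIDs and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): detection logic over sshd
# entries from auth.log. It reports failures per source, sources probing
# accounts that do not exist (username guessing or spraying), and any
# successful login that followed failures from the same source. The lines
# are constructed samples (documentation address ranges), not a real capture.

AUTH_LOG_SAMPLE='May  3 10:01:02 host sshd[1234]: Failed password for alice from 203.0.113.5 port 51234 ssh2
May  3 10:01:05 host sshd[1235]: Failed password for invalid user admin from 198.51.100.7 port 41234 ssh2
May  3 10:01:06 host sshd[1236]: Failed password for invalid user test from 198.51.100.7 port 41235 ssh2
May  3 10:01:07 host sshd[1237]: Failed password for root from 198.51.100.7 port 41236 ssh2
May  3 10:01:30 host sshd[1238]: Failed password for alice from 203.0.113.5 port 51235 ssh2
May  3 10:02:00 host sshd[1239]: Accepted password for alice from 203.0.113.5 port 51236 ssh2
May  3 10:03:00 host sshd[1240]: Accepted publickey for bob from 192.0.2.10 port 60000 ssh2'

# Shared awk helper: parse() fills user and src from an sshd
# "Failed password for [invalid user] NAME from ADDR" or
# "Accepted ... for NAME from ADDR" line by scanning for "for" and "from".
SSHD_AWK='
function parse(    i) {
    user = ""; src = ""
    for (i = 1; i <= NF; i++) {
        if ($i == "for") user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
        if ($i == "from") src = $(i + 1)
    }
}
'

# failed_by_source: "<count> <source>" lines, busiest source first.
failed_by_source() {
    printf '%s\n' "$AUTH_LOG_SAMPLE" | awk "$SSHD_AWK"'
        /sshd\[[0-9]+]: Failed password for/ { parse(); n[src]++ }
        END { for (s in n) print n[s], s }' | sort -rn
}

# invalid_user_sources: "<source> <distinct nonexistent accounts tried>",
# the signature of password spraying or username enumeration.
invalid_user_sources() {
    printf '%s\n' "$AUTH_LOG_SAMPLE" | awk "$SSHD_AWK"'
        /sshd\[[0-9]+]: Failed password for invalid user/ { parse(); if (!seen[src, user]++) n[src]++ }
        END { for (s in n) print s, n[s] }' | sort -k2 -rn
}

# success_after_failures: "<user> <source> <failures before success>" for
# every accepted login preceded by failures from the same source, the
# first thing to triage when reviewing a brute-force attempt.
success_after_failures() {
    printf '%s\n' "$AUTH_LOG_SAMPLE" | awk "$SSHD_AWK"'
        /sshd\[[0-9]+]: Failed password for/ { parse(); fails[src]++ }
        /sshd\[[0-9]+]: Accepted (password|publickey) for/ { parse(); if (fails[src] > 0) print user, src, fails[src] }'
}

echo "Failures per source:";             failed_by_source
echo "Sources probing unknown accounts:"; invalid_user_sources
echo "Successes after failures:";        success_after_failures
```

To run it against a real file, replace the `printf '%s\n' "$AUTH_LOG_SAMPLE"` feeds with `sudo grep sshd /var/log/auth.log`; the "alice from 203.0.113.5 after 2 failures" line is the one that deserves a call to the user before anything else.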

🚨 Quick Diagnosis

🔍 Account locked? Checklist:

# 1. Check if passwd is locked
sudo passwd -S username
 
# 2. Check faillock failures
sudo faillock --user username
 
# 3. Check expiration
sudo chage -l username
 
# 4. View latest logs
sudo grep username /var/log/auth.log | tail -5

🔧 Complete unlock

# Unlock passwd + reset faillock
sudo passwd -u username && sudo faillock --user username --reset

Neither command touches an account expiry date or an expired password; if chage -l shows either, fix it with chage as described under Expiration Management before the user tries again.