Implement Multi-Factor Authentication (MFA) for users


senhasegura has syslog logs related to MFA authentication, indicating whether the token authentication was successful or failed, as well as identifying the user and the date. See an example below:

May 24 12:32:16 senhaseguralab senhasegura[773959]: May 24 12:32:16 senhaseguralab CEF:0|MT4|senhasegura|3.32.1-1|1695.001|Orbini - Authentication|5| dvc= spid=773959 src=v=Administrator msg=Token does not match. requestMethod=POST act=Multi-factor authentication cs1Label=Plugin cs1=Google cs2Label=Error code cs2=100 cs5Label=Country code cs5=- cs6Lab

Check below some examples of commands that can be used to query these logs:

  • To check all logins generated with MFA:

- cat /var/log/syslog |grep Multi-factor

  • To check MFA logs for a specific user:

- cat /var/log/syslog | grep '[usuário desejado]' | grep Multi-factor

  • To filter successful logins:

- cat /var/log/syslog |grep Multi-factor | grep 'Token validated'

  • To filter unsuccessful logins:

- cat /var/log/syslog |grep Multi-factor | grep 'does not match'

If you need to save the information to a file, just add “> [filename.txt]” at the end of the command.