cloudposse / bastion

🔒Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support
https://cloudposse.com/accelerate
Apache License 2.0

Reset the Failures counter after login. Fixes #41 #53

Closed marji closed 4 years ago

marji commented 4 years ago

With the way pam_tally2 is currently configured, the counter gets increased every time a user logs in. I'm adding the part which actually resets the counter after a successful login.

This fixes #41.

This is how to verify the failures number increases every time one logs in (e.g. when the connection is established, but before the MFA challenge is answered):

bash-4.4# pam_tally2 --user root
Login           Failures Latest failure     From
root                1    11/08/19 07:32:46  172.17.0.1

With this PR in place, you will see the counter getting back to 0 after a successful login (after the MFA challenge is successfully answered).
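
A check for the misconfiguration described in this PR, as an added example that is not part of the PR or the bastion repository: it flags a PAM service file where pam_tally2 counts attempts in the auth phase but has no account entry, which is the phase the module's documentation gives for resetting the counter. The function name, the sample stacks and their module options are constructed for illustration; the PR's actual diff is not shown on this page.

```shell
#!/bin/sh
# Added example (not from the bastion repo): flag a PAM service file where
# pam_tally2 counts attempts in the auth phase but nothing resets the counter.
# Limitation: files pulled in with @include are not followed.

# Returns 0 if pam_tally2 is unused or has both auth and account entries,
# 1 if it has an auth entry but no account entry.
check_tally2_reset() {
    awk '
        { sub(/#.*/, "") }                 # PAM treats "#" to end of line as a comment
        NF == 0 { next }
        /pam_tally2\.so/ {
            type = $1
            sub(/^-/, "", type)            # a leading "-" only silences missing-module logs
            if (type == "auth")    auth = 1
            if (type == "account") account = 1
        }
        END { exit (auth && !account) ? 1 : 0 }
    ' "$1"
}

# Constructed sample stacks (module options are illustrative, not the project's).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/before" <<'EOF'
# counter is incremented on every connection and never cleared
auth     required  pam_tally2.so deny=5 onerr=fail
auth     required  pam_google_authenticator.so
EOF
    cat > "$dir/after" <<'EOF'
auth     required  pam_tally2.so deny=5 onerr=fail
auth     required  pam_google_authenticator.so
account  required  pam_tally2.so   # resets the counter after a successful login
EOF
    for f in before after; do
        if check_tally2_reset "$dir/$f"; then
            echo "$f: ok"
        else
            echo "$f: pam_tally2 counts in auth but has no account entry to reset"
        fi
    done
    rm -rf "$dir"
}

demo
```

On a host, pass the service file that sshd uses (for example the file under /etc/pam.d/ for that service) and confirm the result with `pam_tally2 --user <name>` before and after a successful login.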