Re: CentOS 5 sshd does not log IP address of reverse mapping failure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 03/07/2013 08:45 AM, Tilman Schmidt wrote:
>> >As long as you get the IP address for failed logins, ignore reverse
>> >mapping failures.
> Trouble is, I don't:

Are you watching the messages or secure log?

# cat /etc/redhat-release
CentOS release 5.8 (Final)
# tail -f /var/log/secure
Mar  8 11:46:54 firewall sshd[27455]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=173-xx-xx-xx-washington.hfc.comcastbusiness.net  user=root
Mar  8 11:46:56 firewall sshd[27455]: Failed password for root from 
173.xx.xx.xx port 51437 ssh2

The standard configuration should be logging the IP address of failed 
logins.

I don't think I have access to any hosts where the reverse lookup is 
broken, so I'm not sure if what you're seeing is a result of a logging 
bug related to PTR mismatch, or what.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux