RE: Preventing reverse DNS lookups

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a function of syslog, use syslog-ng and you can turn this off.

-----Original Message-----
From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx]
On Behalf Of Eric Smith
Sent: Friday, December 14, 2007 6:30 AM
To: pam-list@xxxxxxxxxx
Subject: Preventing reverse DNS lookups

I've googled this for several hours and gotten nowhere, so I'm turning 
to this list in hopes someone can point me in the right direction.

I think this is a PAM question.  If not, my apologies.

I want to prevent reverse DNS lookups on log lines like this:

Dec 13 20:13:14 myhost vsftpd: pam_unix(vsftpd:auth): authentication 
failure; logname= uid=0 euid=0 tty=ftp ruser=adrian 
rhost=s42.deinprovider.de

I want to see the actual IP address in the rhost= part, so I can scan 
the log files (maybe using swatch) and block these people from brute 
forcing me.  Since the reverse DNS is likely under their control, it's 
useless to get address of the perpetrator.

Is there some pam (or maybe pam_unix) option to disable reverse DNS 
lookups?  I would think this is a common need, but I can't find much 
info on it online.

Thanks for any pointers.  I've started looking through the source to 
pam, and I'll continue down that path next.  But hopefully someone can 
save me the time!

Eric.

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux