Preventing reverse DNS lookups
Jeff Saxton
jeff_saxton at bigfix.com
Fri Dec 14 14:42:58 UTC 2007
This is a function of syslog, use syslog-ng and you can turn this off.
-----Original Message-----
From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]
On Behalf Of Eric Smith
Sent: Friday, December 14, 2007 6:30 AM
To: pam-list at redhat.com
Subject: Preventing reverse DNS lookups
I've googled this for several hours and gotten nowhere, so I'm turning
to this list in hopes someone can point me in the right direction.
I think this is a PAM question. If not, my apologies.
I want to prevent reverse DNS lookups on log lines like this:
Dec 13 20:13:14 myhost vsftpd: pam_unix(vsftpd:auth): authentication
failure; logname= uid=0 euid=0 tty=ftp ruser=adrian
rhost=s42.deinprovider.de
I want to see the actual IP address in the rhost= part, so I can scan
the log files (maybe using swatch) and block these people from brute
forcing me. Since the reverse DNS is likely under their control, it's
useless to get address of the perpetrator.
Is there some pam (or maybe pam_unix) option to disable reverse DNS
lookups? I would think this is a common need, but I can't find much
info on it online.
Thanks for any pointers. I've started looking through the source to
pam, and I'll continue down that path next. But hopefully someone can
save me the time!
Eric.
_______________________________________________
Pam-list mailing list
Pam-list at redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
More information about the Pam-list
mailing list