Preventing reverse DNS lookups
Eric Smith
eric at trueblade.com
Fri Dec 14 14:29:32 UTC 2007
I've googled this for several hours and gotten nowhere, so I'm turning
to this list in hopes someone can point me in the right direction.
I think this is a PAM question. If not, my apologies.
I want to prevent reverse DNS lookups on log lines like this:
Dec 13 20:13:14 myhost vsftpd: pam_unix(vsftpd:auth): authentication
failure; logname= uid=0 euid=0 tty=ftp ruser=adrian
rhost=s42.deinprovider.de
I want to see the actual IP address in the rhost= part, so I can scan
the log files (maybe using swatch) and block these people from brute
forcing me. Since the reverse DNS is likely under their control, it's
useless to get address of the perpetrator.
Is there some pam (or maybe pam_unix) option to disable reverse DNS
lookups? I would think this is a common need, but I can't find much
info on it online.
Thanks for any pointers. I've started looking through the source to
pam, and I'll continue down that path next. But hopefully someone can
save me the time!
Eric.
More information about the Pam-list
mailing list