
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Wed, Apr 18, 2001 at 05:59:28PM -0500, Steve Langasek wrote:
> ALL: PARANOID does not provide significant security benefits in protecting
> your machine from attacks; but it *does* provide better audit logs by ensuring
> that, if your machine is attacked or broken into, tcpd will prevent the
> attacker from spoofing a DNS name *that he doesn't have control over*.  This
> means that, even if the attacker is playing tricks with DNS, the audit log
> will still point the finger at the responsible parties.  That's a valuable
> feature, because it helps us improve security on the Internet for *everyone*.
> Making it harder for script kiddies to get away with haX0ring boxes seems like
> a worthy goal to me...

Which audit log?  The lastlog?

LAST,LASTB(1)  Linux System Administrator's Manual  LAST,LASTB(1)

[...]

       -d     For  non-local  logins,  Linux  stores not only the
              host name of the remote host but its IP  number  as
              well.  This  option  translates  the IP number back
              into a hostname.

My SSH lines in auth.log give the IP address.  My xinetd logs IP addresses.
Which services are still logging only hostnames?

--Adam

-- 
Adam McKenna  <adam@debian.org>  <adam@flounder.net>
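
The name/address cross-check discussed in this thread, as an added example that is not part of the original message and is not tcpd's code: a simplified model of the double lookup, contrasted with a logger that trusts the reverse name alone. The DNS records, the log format and the function names are constructed for illustration; the "unknown" and "paranoid" labels follow the wildcard descriptions in hosts_access(5).

```python
# Added example: simplified model of the PARANOID name/address cross-check.
# All DNS data is constructed (RFC 5737 addresses, example domains).
PTR = {  # reverse zone: controlled by whoever owns the address block
    "192.0.2.10": "mail.example.org.",
    "198.51.100.7": "www.victim.example.",  # PTR naming a host the owner does not control
    "198.51.100.8": "gone.example.net.",    # PTR to a name with no forward record
}
A = {  # forward zone: controlled by whoever owns the name
    "mail.example.org": {"192.0.2.10"},
    "www.victim.example": {"203.0.113.80"},
}

def norm(name):
    """Compare host names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def reverse(ip):
    """Address -> name lookup against the constructed reverse zone."""
    name = PTR.get(ip)
    return norm(name) if name else None

def forward(name):
    """Name -> set of addresses against the constructed forward zone."""
    return A.get(norm(name), set())

def checked_name(ip):
    """Return the reverse name only if the forward lookup confirms the address."""
    name = reverse(ip)
    if name is None:
        return "unknown"    # no reverse record at all
    if ip not in forward(name):
        return "paranoid"   # name does not map back to this address
    return name

def naive_log(service, ip):
    """Hostname-only logging: records whatever the reverse zone claims."""
    return f"{service}: connect from {reverse(ip) or ip}"

def audited_log(service, ip):
    """Records the verified name and always the peer address."""
    return f"{service}: connect from {checked_name(ip)} ({ip})"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "198.51.100.8", "203.0.113.99"):
        print(naive_log("in.telnetd", ip))
        print(audited_log("in.telnetd", ip))
```
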


