[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Wed, Apr 18, 2001 at 05:59:28PM -0500, Steve Langasek wrote:
> ALL: PARANOID does not provide significant security benefits in protecting
> your machine from attacks; but it *does* provide better audit logs by ensuring
> that, if your machine is attacked or broken into, tcpd will prevent the
> attacker from spoofing a DNS name *that he doesn't have control over*.  This
> means that, even if the attacker is playing tricks with DNS, the audit log
> will still point the finger at the responsible parties.  That's a valuable
> feature, because it helps us improve security on the Internet for *everyone*.
> Making it harder for script kiddies to get away with haX0ring boxes seems like
> a worthy goal to me...

Which audit log?  The lastlog?

LAST,LASTB(1)  Linux System Administrator's Manual  LAST,LASTB(1)


       -d     For  non-local  logins,  Linux  stores not only the
              host name of the remote host but its IP  number  as
              well.  This  option  translates  the IP number back
              into a hostname.

My SSH lines in auth.log give the IP address.   My xinetd logs IP addresses.
Which services are still logging only hostnames?


Adam McKenna  <adam@debian.org>  <adam@flounder.net>

Reply to: