[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: bin/42540: /usr/bin/login does not log normal logins, does not log IP addresses
The following reply was made to PR bin/42540; it has been noted by GNATS.
From: christos%zoulas.com@localhost (Christos Zoulas)
To: gnats-bugs%NetBSD.org@localhost, gnats-admin%netbsd.org@localhost,
Subject: Re: bin/42540: /usr/bin/login does not log normal logins, does not log
Date: Tue, 29 Dec 2009 10:44:07 -0500
On Dec 29, 3:35pm, eravin%panix.com@localhost (eravin%panix.com@localhost)
-- Subject: bin/42540: /usr/bin/login does not log normal logins, does not lo
| 1. /usr/bin/login does not seem to generate syslog messages for
| normal, successful logins. syslog messages are only produced in
| case of error, in case of root login, and a few other special cases.
Yes, that is the historical behavior.
| 2. When /usr/bin/login does generate syslog messages regarding
| remote connections, it uses the looked-up hostname, not the IP
| address. The IP address is needed since the results of DNS lookups
| can change over time and are not a reliable way to audit which
| hosts are connecting to you,
Yes, because it is only being passed in the hostname; it does not
lookup anything. Even the hostname passed can be bogus (although
one presumes that the daemon that forks login is trusted).
So your desired behavior is to use getpeername(2) to determine if
the login is remote and always syslog(LOG_INFO the infomation?
Main Index |
Thread Index |