** Description changed:

  By default, logwatch performs a hostname lookup of every IP address
  reported in SSHD logs. This has two negative consequences:
  
- 1. If there are lots of IP addresses to lookup, this increases the runtime of 
logwatch significantly.
- 2. If logwatch is set to email logs, some spam filters detect the hostnames 
as URLs and will flag the log as spam due to the apparently large number of 
links in the email. See 
https://serverfault.com/questions/977628/logwatch-emails-marked-as-spam-how-to-stop-reverse-dns-on-bot-hosts/1042679
 .
+ 1. If there are lots of IP addresses to lookup, this increases the run time 
of logwatch significantly.
+ 2. If logwatch is set to email logs, some spam filters detect the hostnames 
as URLs and will flag the email as spam due to the apparently large number of 
links. See 
https://serverfault.com/questions/977628/logwatch-emails-marked-as-spam-how-to-stop-reverse-dns-on-bot-hosts/1042679
 .
  
  Following a request for help to disable hostname lookups in sshd...
  https://sourceforge.net/p/logwatch/discussion/1115929/thread/952d84109c/
  a developer committed a change to support this feature...
  
https://sourceforge.net/p/logwatch/git/ci/88c0d675f10e425faeddd23316c061f425f39a06/
  
  This wishlist has two requests:
- 1. Backport the patch (which is very easy to apply) to logwatch packages in 
currently supported LTS versions of Ubuntu
- 2. Set the distribution default config to disable SSHD IP lookups by default. 
This could be accomplished by introducing 
/usr/share/logwatch/dist.conf/services/sshd.conf with contents:
+ 1. Backport the patch (which is very easy to apply) to logwatch packages in 
currently supported LTS versions of Ubuntu. The patch defaults to performing 
the IP lookup, so this would not change the behavior of any existing 
installations, but it would expose the ability to disable these lookups if 
needed.
+ 2. For future Ubuntu distributions, set the config to disable SSHD IP lookups 
by default. This could be accomplished by introducing 
/usr/share/logwatch/dist.conf/services/sshd.conf with contents:
  $sshd_ip_lookup = No

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1904362

Title:
  [Wishlist] Disable hostname lookup by default for logwatch service
  sshd
