[openssh-commits] [openssh] branch master updated: Don't log audit messages with UNKNOWN hostname
git+noreply at mindrot.org
git+noreply at mindrot.org
Tue Sep 30 09:52:06 AEST 2025
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
The following commit(s) were added to refs/heads/master by this push:
new e5055ef26 Don't log audit messages with UNKNOWN hostname
e5055ef26 is described below
commit e5055ef26abcffd3f99669e411ea6b35ca166111
Author: Allison Karlitskaya <allison.karlitskaya at redhat.com>
AuthorDate: Wed Sep 3 20:07:55 2025 +0200
Don't log audit messages with UNKNOWN hostname
The `host` parameter to audit_log_acct_message() is documented as
follows:
host - The hostname if known. If not available pass a NULL.
but we pass the string "UNKNOWN" in case we don't know the hostname.
Make sure we pass NULL instead.
This avoids having the audit system attempt to perform a DNS lookup on
the hostname "UNKNOWN", which tends to result in long delays when
attempting to login.
---
audit-linux.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/audit-linux.c b/audit-linux.c
index 8b9854f73..954eabe27 100644
--- a/audit-linux.c
+++ b/audit-linux.c
@@ -51,6 +51,8 @@ linux_audit_record_event(int uid, const char *username, const char *hostname,
else
return 0; /* Must prevent login */
}
+ if (hostname != NULL && strcmp(hostname, "UNKNOWN") == 0)
+ hostname = NULL;
rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
NULL, "login", username ? username : "(unknown)",
username == NULL ? uid : -1, hostname, ip, ttyn, success);
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list