TCP Auditing

["Aaron D. Turner" <aturner@pobox.com>]

-----BEGIN PGP SIGNED MESSAGE-----


I've been trying to figure out what's been causing *a lot* of messages
regarding *every* tcp connection to get logged to /var/log/messages.  

Basically every TCP connection generates a one line log message saying the
source IP, port, and wether it was accepted or denyed. Good for firewalls,
bad for web servers.  Turns out its a feature that's part of the strobe
protection that can be disabled seperately.

Anyways, I'm recompiling the kernel on Vodka now to turn this off (it's
not available as a module). This will of course require a remote reboot.  
I'm scheduling this for 10:30am Pacific, Sunday the 24th.  If for some
reason it doesn't come back up on it's own (about 2 minutes), then I'll
drive in to NaviSite to get it back up.

If you need to get a hold of me for some reason regarding this issue, send
an email to me with "PAGER_ALERT" (without the quotes) in the subject and
I will be paged with your email to my alphapager.

- -- 
Aaron Turner           | Either which way, one half dozen or another. 
aturner@pobox.com      | Check out the Red Hat Linux User's FAQ Online!
www.pobox.com/~aturner | http://www.pobox.com/~aturner/RedHat-FAQ/
All emails from this account are PGP signed.  Lack of a signature is "bad".
PGP Key fingerprint = FB E1 CE ED 57 E4 AB 80  59 6E 60 BF 45 1B 20 E8




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNqqoBjM3jpXy1kJtAQEcIgP/f/SzbLq4e/LsFkdGLw0JXR0+J0YkqgwZ
N/8EpEE1LGTpQglur3jYMhyPl6x2knvL3PNn9ABoOD02bDUr5dZii/hNjca3REP3
Xq4F9xIMqwnH2m15t4n8pvn9nwBsiRhFfYKUvRysz33DHM72N/g5ute4RlzsLLKi
ZgIhPQ3ibtY=
=31GW
-----END PGP SIGNATURE-----