############ THESE SETTINGS ARE REQUIRED ############



########################################################################

#

# SECURE_LOG: the log file that contains sshd logging info

# if you are not sure, grep "sshd:" /var/log/*

#

# The file to process can be overridden with the --file command line

# argument

#

# Redhat or Fedora Core:

#SECURE_LOG = /var/log/secure

#

# Mandrake, FreeBSD or OpenBSD:

SECURE_LOG = /var/log/auth.log

#

# SuSE:

#SECURE_LOG = /var/log/messages

#

########################################################################



########################################################################

# HOSTS_DENY: the file which contains restricted host access information

#

# Most operating systems:

HOSTS_DENY = /etc/hosts.deny

#

# Some BSD (FreeBSD) Unixes:

#HOSTS_DENY = /etc/hosts.allow

#

# Another possibility (also see the next option):

#HOSTS_DENY = /etc/hosts.evil

#######################################################################





########################################################################

# PURGE_DENY: removed HOSTS_DENY entries that are older than this time

# when DenyHosts is invoked with the --purge flag

#

# format is: i[dhwmy]

# Where 'i' is an integer (eg. 7)

# 'm' = minutes

# 'h' = hours

# 'd' = days

# 'w' = weeks

# 'y' = years

#

# never purge:

PURGE_DENY =

#

# purge entries older than 1 week

#PURGE_DENY = 1w

#

# purge entries older than 5 days

#PURGE_DENY = 5d

#######################################################################





#######################################################################

# BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY

#

# man 5 hosts_access for details

#

# eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1

#

# To block all services for the offending host:

#BLOCK_SERVICE = ALL

# To block only sshd:

BLOCK_SERVICE = sshd

# To only record the offending host and nothing else (if using

# an auxilary file to list the hosts). Refer to:

# http://denyhosts.sourceforge.net/faq.html#aux

#BLOCK_SERVICE =

#

#######################################################################





#######################################################################

#

# DENY_THRESHOLD_INVALID: block each host after the number of failed login

# attempts has exceeded this value. This value applies to invalid

# user login attempts (eg. non-existent user accounts)

#

DENY_THRESHOLD_INVALID = 5

#

#######################################################################



#######################################################################

#

# DENY_THRESHOLD_VALID: block each host after the number of failed

# login attempts has exceeded this value. This value applies to valid

# user login attempts (eg. user accounts that exist in /etc/passwd) except

# for the "root" user

#

DENY_THRESHOLD_VALID = 10

#

#######################################################################



#######################################################################

#

# DENY_THRESHOLD_ROOT: block each host after the number of failed

# login attempts has exceeded this value. This value applies to

# "root" user login attempts only.

#

DENY_THRESHOLD_ROOT = 5

#

#######################################################################





#######################################################################

#

# WORK_DIR: the path that DenyHosts will use for writing data to

# (it will be created if it does not already exist).

#

# Note: it is recommended that you use an absolute pathname

# for this value (eg. /home/foo/denyhosts/data)

#

WORK_DIR = /usr/share/denyhosts/data

#

#######################################################################



#######################################################################

#

# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS

#

# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO

# If set to YES, if a suspicious login attempt results from an allowed-host

# then it is considered suspicious. If this is NO, then suspicious logins

# from allowed-hosts will not be reported. All suspicious logins from

# ip addresses that are not in allowed-hosts will always be reported.

#

SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

######################################################################



######################################################################

#

# HOSTNAME_LOOKUP

#

# HOSTNAME_LOOKUP=YES|NO

# If set to YES, for each IP address that is reported by Denyhosts,

# the corresponding hostname will be looked up and reported as well

# (if available).

#

HOSTNAME_LOOKUP=YES

#

######################################################################





######################################################################

#

# LOCK_FILE

#

# LOCK_FILE=/path/denyhosts

# If this file exists when DenyHosts is run, then DenyHosts will exit

# immediately. Otherwise, this file will be created upon invocation

# and deleted upon exit. This ensures that only one instance is

# running at a time.

#

# Redhat/Fedora:

#LOCK_FILE = /var/lock/subsys/denyhosts

#

# Debian

LOCK_FILE = /var/run/denyhosts.pid

#

# Misc

#LOCK_FILE = /tmp/denyhosts.lock

#

######################################################################





############ THESE SETTINGS ARE OPTIONAL ############





#######################################################################

#

# ADMIN_EMAIL: if you would like to receive emails regarding newly

# restricted hosts and suspicious logins, set this address to

# match your email address. If you do not want to receive these reports

# leave this field blank (or run with the --noemail option)

#

ADMIN_EMAIL =

#

#######################################################################



#######################################################################

#

SMTP_HOST = localhost

SMTP_PORT = 25

SMTP_FROM = DenyHosts <[email protected]>

SMTP_SUBJECT = DenyHosts Report

#SMTP_USERNAME=foo

#SMTP_PASSWORD=bar

#

#######################################################################



######################################################################

#

# ALLOWED_HOSTS_HOSTNAME_LOOKUP

#

# ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO

# If set to YES, for each entry in the WORK_DIR/allowed-hosts file,

# the hostname will be looked up. If your versions of tcp_wrappers

# and sshd sometimes log hostnames in addition to ip addresses

# then you may wish to specify this option.

#

#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO

#

######################################################################



######################################################################

#

# AGE_RESET_VALID: Specifies the period of time between failed login

# attempts that, when exceeded will result in the failed count for

# this host to be reset to 0. This value applies to login attempts

# to all valid users (those within /etc/passwd) with the

# exception of root. If not defined, this count will never

# be reset.

#

# See the comments in the PURGE_DENY section (above)

# for details on specifying this value or for complete details

# refer to: http://denyhosts.sourceforge.net/faq.html#timespec

#

AGE_RESET_VALID=5d

#

######################################################################



######################################################################

#

# AGE_RESET_ROOT: Specifies the period of time between failed login

# attempts that, when exceeded will result in the failed count for

# this host to be reset to 0. This value applies to all login

# attempts to the "root" user account. If not defined,

# this count will never be reset.

#

# See the comments in the PURGE_DENY section (above)

# for details on specifying this value or for complete details

# refer to: http://denyhosts.sourceforge.net/faq.html#timespec

#

AGE_RESET_ROOT=25d

#

######################################################################



######################################################################

#

# AGE_RESET_INVALID: Specifies the period of time between failed login

# attempts that, when exceeded will result in the failed count for

# this host to be reset to 0. This value applies to login attempts

# made to any invalid username (those that do not appear

# in /etc/passwd). If not defined, count will never be reset.

#

# See the comments in the PURGE_DENY section (above)

# for details on specifying this value or for complete details

# refer to: http://denyhosts.sourceforge.net/faq.html#timespec

#

AGE_RESET_INVALID=10d

#

######################################################################



######################################################################

#

# PLUGIN_DENY: If set, this value should point to an executable

# program that will be invoked when a host is added to the

# HOSTS_DENY file. This executable will be passed the host

# that will be added as it's only argument.

#

#PLUGIN_DENY=/usr/bin/true

#

######################################################################





######################################################################

#

# PLUGIN_PURGE: If set, this value should point to an executable

# program that will be invoked when a host is removed from the

# HOSTS_DENY file. This executable will be passed the host

# that is to be purged as it's only argument.

#

#PLUGIN_PURGE=/usr/bin/true

#

######################################################################



######################################################################

#

# USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain

# a regular expression that can be used to identify additional

# hackers for your particular ssh configuration. This functionality

# extends the built-in regular expressions that DenyHosts uses.

# This parameter can be specified multiple times.

# See this faq entry for more details:

# http://denyhosts.sf.net/faq.html#userdef_regex

#

#USERDEF_FAILED_ENTRY_REGEX=

#

#

######################################################################









######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########







#######################################################################

#

# DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag)

# this is the logfile that DenyHosts uses to report it's status.

# To disable logging, leave blank. (default is: /var/log/denyhosts)

#

DAEMON_LOG = /var/log/denyhosts

#

# disable logging:

#DAEMON_LOG =

#

######################################################################



#######################################################################

#

# DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode

# (--daemon flag) this specifies the timestamp format of

# the DAEMON_LOG messages (default is the ISO8061 format:

# ie. 2005-07-22 10:38:01,745)

#

# for possible values for this parameter refer to: man strftime

#

# Jan 1 13:05:59

#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S

#

# Jan 1 01:05:59

#DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S

#

######################################################################



#######################################################################

#

# DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode

# (--daemon flag) this specifies the message format of each logged

# entry. By default the following format is used:

#

# %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s

#

# Where the "%(asctime)s" portion is expanded to the format

# defined by DAEMON_LOG_TIME_FORMAT

#

# This string is passed to python's logging.Formatter contstuctor.

# For details on the possible format types please refer to:

# http://docs.python.org/lib/node357.html

#

# This is the default:

#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s

#

#

######################################################################





#######################################################################

#

# DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)

# this is the amount of time DenyHosts will sleep between polling

# the SECURE_LOG. See the comments in the PURGE_DENY section (above)

# for details on specifying this value or for complete details

# refer to: http://denyhosts.sourceforge.net/faq.html#timespec

#

#

DAEMON_SLEEP = 30s

#

#######################################################################



#######################################################################

#

# DAEMON_PURGE: How often should DenyHosts, when run in daemon mode,

# run the purge mechanism to expire old entries in HOSTS_DENY

# This has no effect if PURGE_DENY is blank.

#

DAEMON_PURGE = 1h

#

#######################################################################





######### THESE SETTINGS ARE SPECIFIC TO ##########

######### DAEMON SYNCHRONIZATION ##########





#######################################################################

#

# Synchronization mode allows the DenyHosts daemon the ability

# to periodically send and receive denied host data such that

# DenyHosts daemons worldwide can automatically inform one

# another regarding banned hosts. This mode is disabled by

# default, you must uncomment SYNC_SERVER to enable this mode.

#

# for more information, please refer to:

# http:/denyhosts.sourceforge.net/faq.html#sync

#

#######################################################################





#######################################################################

#

# SYNC_SERVER: The central server that communicates with DenyHost

# daemons. Currently, denyhosts.net is the only available server

# however, in the future, it may be possible for organizations to

# install their own server for internal network synchronization

#

# To disable synchronization (the default), do nothing.

#

# To enable synchronization, you must uncomment the following line:

#SYNC_SERVER = http://xmlrpc.denyhosts.net:9911

#

#######################################################################



#######################################################################

#

# SYNC_INTERVAL: the interval of time to perform synchronizations if

# SYNC_SERVER has been uncommented. The default is 1 hour.

#

#SYNC_INTERVAL = 1h

#

#######################################################################





#######################################################################

#

# SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have

# been denied? This option only applies if SYNC_SERVER has

# been uncommented.

#

#SYNC_UPLOAD = no

#

# the default:

#SYNC_UPLOAD = yes

#

#######################################################################





#######################################################################

#

# SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have

# been denied by others? This option only applies if SYNC_SERVER has

# been uncommented.

#

#SYNC_DOWNLOAD = no

#

# the default:

#SYNC_DOWNLOAD = yes

#

#######################################################################



#######################################################################

#

# SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this paramter

# filters the returned hosts to those that have been blocked this many

# times by others. That is, if set to 1, then if a single DenyHosts

# server has denied an ip address then you will receive the denied host.

#

#SYNC_DOWNLOAD_THRESHOLD = 10

#

# the default:

#SYNC_DOWNLOAD_THRESHOLD = 3

#

#######################################################################