]>
Commit | Line | Data |
---|---|---|
6b557d34 | 1 | ############ THESE SETTINGS ARE REQUIRED ############ |
cb64b9ac | 2 | |
3 | ######################################################################## | |
4 | # | |
5 | # SECURE_LOG: the log file that contains sshd logging info | |
6 | # if you are not sure, grep "sshd:" /var/log/* | |
7 | # | |
8 | # The file to process can be overridden with the --file command line | |
9 | # argument | |
10 | # | |
11 | # Redhat: | |
12 | SECURE_LOG = /var/log/secure | |
13 | # | |
6b557d34 | 14 | # Mandrake or FreeBSD: |
cb64b9ac | 15 | #SECURE_LOG = /var/log/auth.log |
16 | # | |
17 | # SuSE: | |
18 | #SECURE_LOG = /var/log/messages | |
19 | # | |
20 | ######################################################################## | |
21 | ||
6b557d34 | 22 | |
cb64b9ac | 23 | ######################################################################## |
24 | # HOSTS_DENY: the file which contains restricted host access information | |
25 | # | |
6b557d34 | 26 | # Most operating systems: |
cb64b9ac | 27 | HOSTS_DENY = /etc/tcpd/hosts.deny |
28 | # | |
6b557d34 | 29 | # Some BSD (FreeBSD) Unixes: |
30 | #HOSTS_DENY = /etc/hosts.allow | |
31 | # | |
32 | # Another possibility (also see the next option): | |
33 | #HOSTS_DENY = /etc/hosts.evil | |
34 | ####################################################################### | |
35 | ||
36 | ||
37 | ######################################################################## | |
38 | # PURGE_DENY: removed HOSTS_DENY entries that are older than this time | |
39 | # when DenyHosts is invoked with the --purge flag | |
40 | # | |
41 | # format is: i[dhwmy] | |
42 | # Where 'i' is an integer (eg. 7) | |
43 | # 'm' = minutes | |
44 | # 'h' = hours | |
45 | # 'd' = days | |
46 | # 'w' = weeks | |
47 | # 'y' = years | |
48 | # | |
49 | # never purge: | |
50 | PURGE_DENY = | |
51 | # | |
52 | # purge entries older than 1 week | |
53 | #PURGE_DENY = 1w | |
54 | # | |
55 | # purge entries older than 5 days | |
56 | #PURGE_DENY = 5d | |
cb64b9ac | 57 | ####################################################################### |
58 | ||
59 | ||
60 | ####################################################################### | |
61 | # BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY | |
62 | # | |
63 | # man 5 host_access for details | |
64 | # | |
6b557d34 | 65 | # eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1 |
cb64b9ac | 66 | # |
67 | # To block all services for the offending host: | |
68 | #BLOCK_SERVICE = ALL | |
69 | # To block only sshd: | |
6b557d34 | 70 | BLOCK_SERVICE = sshd |
71 | # To only record the offending host and nothing else (if using | |
72 | # an auxilary file to list the hosts). Refer to: | |
73 | # http://denyhosts.sourceforge.net/faq.html#aux | |
74 | #BLOCK_SERVICE = | |
cb64b9ac | 75 | # |
76 | ####################################################################### | |
77 | ||
6b557d34 | 78 | |
cb64b9ac | 79 | ####################################################################### |
80 | # | |
81 | # DENY_THRESHOLD: block each host after the number of failed login | |
82 | # attempts has exceeded this value. | |
83 | # | |
84 | DENY_THRESHOLD = 3 | |
85 | # | |
86 | ####################################################################### | |
87 | ||
88 | ####################################################################### | |
89 | # | |
90 | # WORK_DIR: the path that DenyHosts will use for writing data to | |
91 | # (it will be created if it does not already exist). | |
6b557d34 | 92 | # |
93 | WORK_DIR = /var/lib/DenyHosts | |
cb64b9ac | 94 | # |
95 | ####################################################################### | |
96 | ||
6b557d34 | 97 | ####################################################################### |
98 | # | |
99 | # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS | |
100 | # | |
101 | # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO | |
102 | # If set to YES, if a suspicious login attempt results from an allowed-host | |
103 | # then it is considered suspicious. If this is NO, then suspicious logins | |
104 | # from allowed-hosts will not be reported. All suspicious logins from | |
105 | # ip addresses that are not in allowed-hosts will always be reported. | |
106 | # | |
107 | SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES | |
108 | ###################################################################### | |
109 | ||
110 | ###################################################################### | |
111 | # | |
112 | # HOSTNAME_LOOKUP | |
113 | # | |
114 | # HOSTNAME_LOOKUP=YES|NO | |
115 | # If set to YES, for each IP address that is reported by Denyhosts, | |
116 | # the corresponding hostname will be looked up and reported as well | |
117 | # (if available). | |
118 | # | |
119 | HOSTNAME_LOOKUP=YES | |
120 | ###################################################################### | |
cb64b9ac | 121 | |
122 | ||
6b557d34 | 123 | ###################################################################### |
124 | # | |
125 | # LOCK_FILE | |
126 | # | |
127 | # LOCK_FILE=/path/denyhosts | |
128 | # If this file exists when DenyHosts is run, then DenyHosts will exit | |
129 | # immediately. Otherwise, this file will be created upon invocation | |
130 | # and deleted upon exit. This ensures that only one instance is | |
131 | # running at a time. | |
132 | # | |
133 | # Redhat/Fedora: | |
134 | LOCK_FILE = /var/lock/subsys/denyhosts | |
135 | # | |
136 | #LOCK_FILE = /tmp/denyhosts.lock | |
cb64b9ac | 137 | |
6b557d34 | 138 | ###################################################################### |
139 | ||
140 | ||
141 | ############ THESE SETTINGS ARE OPTIONAL ############ | |
cb64b9ac | 142 | |
143 | ||
144 | ####################################################################### | |
145 | # | |
146 | # ADMIN_EMAIL: if you would like to receive emails regarding newly | |
147 | # restricted hosts and suspicious logins, set this address to | |
148 | # match your email address. If you do not want to receive these reports | |
149 | # leave this field blank (or run with the --noemail option) | |
150 | # | |
151 | ADMIN_EMAIL = root@localhost | |
152 | # | |
153 | ####################################################################### | |
154 | ||
155 | ####################################################################### | |
156 | # | |
157 | SMTP_HOST = localhost | |
158 | SMTP_PORT = 25 | |
159 | SMTP_FROM = DenyHosts | |
160 | SMTP_SUBJECT = DenyHosts Report | |
161 | # | |
162 | ####################################################################### | |
163 | ||
6b557d34 | 164 | |
165 | ||
166 | ####################################################################### | |
167 | # | |
168 | # DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag) | |
169 | # this is the logfile that DenyHosts uses to report it's status. | |
170 | # To disable logging, leave blank. (default is: /var/log/denyhosts) | |
171 | # | |
172 | DAEMON_LOG = /var/log/denyhosts | |
173 | # | |
174 | # disable logging: | |
175 | #DAEMON_LOG = | |
176 | # | |
177 | ###################################################################### | |
178 | ||
179 | ||
180 | ||
181 | ####################################################################### | |
182 | # | |
183 | # DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag) | |
184 | # this is the amount of time DenyHosts will sleep between polling | |
185 | # the SECURE_LOG. This value is in seconds (default is 30) | |
186 | # | |
187 | DAEMON_SLEEP = 30 | |
188 | # | |
189 | ####################################################################### | |
190 | ||
191 | ####################################################################### | |
192 | # | |
193 | # DAEMON_PURGE: How often should DenyHosts, when run in daemon mode | |
194 | # run the purge mechanism to expire old entries in HOSTS_DENY | |
195 | # This value is in seconds (default is 3600 seconds = 1 hour) | |
196 | # This has no effect if PURGE_DENY is blank. | |
197 | # | |
198 | DAEMON_PURGE = 60 | |
199 | # | |
200 | ####################################################################### | |
201 |