]>
Commit | Line | Data |
---|---|---|
6b557d34 | 1 | ############ THESE SETTINGS ARE REQUIRED ############ |
cb64b9ac | 2 | |
3 | ######################################################################## | |
4 | # | |
5 | # SECURE_LOG: the log file that contains sshd logging info | |
6 | # if you are not sure, grep "sshd:" /var/log/* | |
7 | # | |
8 | # The file to process can be overridden with the --file command line | |
9 | # argument | |
10 | # | |
0dd10d1d | 11 | # Redhat or Fedora Core: |
cb64b9ac | 12 | SECURE_LOG = /var/log/secure |
13 | # | |
0dd10d1d | 14 | # Mandrake, FreeBSD or OpenBSD: |
cb64b9ac | 15 | #SECURE_LOG = /var/log/auth.log |
16 | # | |
17 | # SuSE: | |
18 | #SECURE_LOG = /var/log/messages | |
19 | # | |
55eeb5c2 RT |
20 | # Mac OS X (v10.4 or greater - |
21 | # also refer to: http://www.denyhosts.net/faq.html#macos | |
22 | #SECURE_LOG = /private/var/log/asl.log | |
23 | # | |
24 | # Mac OS X (v10.3 or earlier): | |
25 | #SECURE_LOG=/private/var/log/system.log | |
26 | # | |
cb64b9ac | 27 | ######################################################################## |
28 | ||
29 | ######################################################################## | |
30 | # HOSTS_DENY: the file which contains restricted host access information | |
31 | # | |
6b557d34 | 32 | # Most operating systems: |
cb64b9ac | 33 | HOSTS_DENY = /etc/tcpd/hosts.deny |
34 | # | |
6b557d34 | 35 | # Some BSD (FreeBSD) Unixes: |
36 | #HOSTS_DENY = /etc/hosts.allow | |
37 | # | |
38 | # Another possibility (also see the next option): | |
39 | #HOSTS_DENY = /etc/hosts.evil | |
40 | ####################################################################### | |
41 | ||
6b557d34 | 42 | ######################################################################## |
43 | # PURGE_DENY: removed HOSTS_DENY entries that are older than this time | |
44 | # when DenyHosts is invoked with the --purge flag | |
45 | # | |
46 | # format is: i[dhwmy] | |
47 | # Where 'i' is an integer (eg. 7) | |
48 | # 'm' = minutes | |
49 | # 'h' = hours | |
50 | # 'd' = days | |
51 | # 'w' = weeks | |
52 | # 'y' = years | |
53 | # | |
54 | # never purge: | |
55 | PURGE_DENY = | |
56 | # | |
57 | # purge entries older than 1 week | |
58 | #PURGE_DENY = 1w | |
59 | # | |
60 | # purge entries older than 5 days | |
61 | #PURGE_DENY = 5d | |
cb64b9ac | 62 | ####################################################################### |
63 | ||
55eeb5c2 RT |
64 | ####################################################################### |
65 | # | |
66 | # PURGE_THRESHOLD: defines the maximum times a host will be purged. | |
67 | # Once this value has been exceeded then this host will not be purged. | |
68 | # Setting this parameter to 0 (the default) disables this feature. | |
69 | # | |
70 | # default: a denied host can be purged/re-added indefinitely | |
71 | #PURGE_THRESHOLD = 0 | |
72 | # | |
73 | # a denied host will be purged at most 2 times. | |
74 | #PURGE_THRESHOLD = 2 | |
75 | # | |
76 | ####################################################################### | |
77 | ||
cb64b9ac | 78 | ####################################################################### |
79 | # BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY | |
80 | # | |
400edb92 | 81 | # man 5 hosts_access for details |
cb64b9ac | 82 | # |
6b557d34 | 83 | # eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1 |
cb64b9ac | 84 | # |
85 | # To block all services for the offending host: | |
86 | #BLOCK_SERVICE = ALL | |
87 | # To block only sshd: | |
6b557d34 | 88 | BLOCK_SERVICE = sshd |
89 | # To only record the offending host and nothing else (if using | |
90 | # an auxilary file to list the hosts). Refer to: | |
91 | # http://denyhosts.sourceforge.net/faq.html#aux | |
92 | #BLOCK_SERVICE = | |
cb64b9ac | 93 | # |
94 | ####################################################################### | |
95 | ||
96 | ####################################################################### | |
97 | # | |
0dd10d1d MB |
98 | # DENY_THRESHOLD_INVALID: block each host after the number of failed login |
99 | # attempts has exceeded this value. This value applies to invalid | |
100 | # user login attempts (eg. non-existent user accounts) | |
cb64b9ac | 101 | # |
0dd10d1d | 102 | DENY_THRESHOLD_INVALID = 3 |
cb64b9ac | 103 | # |
104 | ####################################################################### | |
105 | ||
0dd10d1d MB |
106 | ####################################################################### |
107 | # | |
108 | # DENY_THRESHOLD_VALID: block each host after the number of failed | |
109 | # login attempts has exceeded this value. This value applies to valid | |
110 | # user login attempts (eg. user accounts that exist in /etc/passwd) except | |
111 | # for the "root" user | |
112 | # | |
113 | DENY_THRESHOLD_VALID = 10 | |
114 | # | |
115 | ####################################################################### | |
116 | ||
117 | ####################################################################### | |
118 | # | |
119 | # DENY_THRESHOLD_ROOT: block each host after the number of failed | |
120 | # login attempts has exceeded this value. This value applies to | |
121 | # "root" user login attempts only. | |
122 | # | |
123 | DENY_THRESHOLD_ROOT = 1 | |
124 | # | |
125 | ####################################################################### | |
126 | ||
c3be9809 RT |
127 | ####################################################################### |
128 | # | |
129 | # DENY_THRESHOLD_RESTRICTED: block each host after the number of failed | |
130 | # login attempts has exceeded this value. This value applies to | |
131 | # usernames that appear in the WORK_DIR/restricted-usernames file only. | |
132 | # | |
133 | DENY_THRESHOLD_RESTRICTED = 1 | |
134 | # | |
135 | ####################################################################### | |
0dd10d1d | 136 | |
cb64b9ac | 137 | ####################################################################### |
138 | # | |
139 | # WORK_DIR: the path that DenyHosts will use for writing data to | |
0dd10d1d MB |
140 | # (it will be created if it does not already exist). |
141 | # | |
c3be9809 RT |
142 | # Note: it is recommended that you use an absolute pathname |
143 | # for this value (eg. /home/foo/denyhosts/data) | |
6b557d34 | 144 | # |
145 | WORK_DIR = /var/lib/DenyHosts | |
cb64b9ac | 146 | # |
147 | ####################################################################### | |
148 | ||
6b557d34 | 149 | ####################################################################### |
150 | # | |
151 | # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS | |
152 | # | |
153 | # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO | |
154 | # If set to YES, if a suspicious login attempt results from an allowed-host | |
155 | # then it is considered suspicious. If this is NO, then suspicious logins | |
156 | # from allowed-hosts will not be reported. All suspicious logins from | |
157 | # ip addresses that are not in allowed-hosts will always be reported. | |
158 | # | |
159 | SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES | |
160 | ###################################################################### | |
161 | ||
162 | ###################################################################### | |
163 | # | |
164 | # HOSTNAME_LOOKUP | |
165 | # | |
166 | # HOSTNAME_LOOKUP=YES|NO | |
167 | # If set to YES, for each IP address that is reported by Denyhosts, | |
168 | # the corresponding hostname will be looked up and reported as well | |
169 | # (if available). | |
170 | # | |
171 | HOSTNAME_LOOKUP=YES | |
0dd10d1d | 172 | # |
6b557d34 | 173 | ###################################################################### |
cb64b9ac | 174 | |
6b557d34 | 175 | ###################################################################### |
176 | # | |
177 | # LOCK_FILE | |
178 | # | |
179 | # LOCK_FILE=/path/denyhosts | |
180 | # If this file exists when DenyHosts is run, then DenyHosts will exit | |
181 | # immediately. Otherwise, this file will be created upon invocation | |
182 | # and deleted upon exit. This ensures that only one instance is | |
183 | # running at a time. | |
184 | # | |
185 | # Redhat/Fedora: | |
186 | LOCK_FILE = /var/lock/subsys/denyhosts | |
187 | # | |
0dd10d1d MB |
188 | # Debian |
189 | #LOCK_FILE = /var/run/denyhosts.pid | |
190 | # | |
191 | # Misc | |
6b557d34 | 192 | #LOCK_FILE = /tmp/denyhosts.lock |
0dd10d1d | 193 | # |
6b557d34 | 194 | ###################################################################### |
195 | ||
196 | ||
197 | ############ THESE SETTINGS ARE OPTIONAL ############ | |
cb64b9ac | 198 | |
199 | ||
200 | ####################################################################### | |
201 | # | |
202 | # ADMIN_EMAIL: if you would like to receive emails regarding newly | |
203 | # restricted hosts and suspicious logins, set this address to | |
204 | # match your email address. If you do not want to receive these reports | |
205 | # leave this field blank (or run with the --noemail option) | |
206 | # | |
207 | ADMIN_EMAIL = root@localhost | |
208 | # | |
209 | ####################################################################### | |
210 | ||
211 | ####################################################################### | |
212 | # | |
358bb9bc RT |
213 | # SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email |
214 | # reports (see ADMIN_EMAIL) then these settings specify the | |
215 | # email server address (SMTP_HOST) and the server port (SMTP_PORT) | |
216 | # | |
cb64b9ac | 217 | SMTP_HOST = localhost |
218 | SMTP_PORT = 25 | |
358bb9bc RT |
219 | # |
220 | ####################################################################### | |
221 | ||
222 | ####################################################################### | |
223 | # | |
224 | # SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your | |
225 | # smtp email server requires authentication | |
226 | # | |
0dd10d1d MB |
227 | #SMTP_USERNAME=foo |
228 | #SMTP_PASSWORD=bar | |
cb64b9ac | 229 | # |
230 | ####################################################################### | |
231 | ||
358bb9bc RT |
232 | ####################################################################### |
233 | # | |
234 | # SMTP_FROM: you can specify the "From:" address in messages sent | |
235 | # from DenyHosts when it reports thwarted abuse attempts | |
236 | # | |
237 | SMTP_FROM = DenyHosts <nobody@localhost> | |
238 | # | |
239 | ####################################################################### | |
240 | ||
241 | ####################################################################### | |
242 | # | |
243 | # SMTP_SUBJECT: you can specify the "Subject:" of messages sent | |
244 | # by DenyHosts when it reports thwarted abuse attempts | |
245 | SMTP_SUBJECT = DenyHosts Report | |
246 | # | |
247 | ###################################################################### | |
248 | ||
249 | ###################################################################### | |
250 | # | |
251 | # SMTP_DATE_FORMAT: specifies the format used for the "Date:" header | |
252 | # when sending email messages. | |
253 | # | |
254 | # for possible values for this parameter refer to: man strftime | |
255 | # | |
256 | # the default: | |
257 | # | |
258 | #SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z | |
259 | # | |
260 | ###################################################################### | |
261 | ||
55eeb5c2 RT |
262 | ###################################################################### |
263 | # | |
264 | # SYSLOG_REPORT | |
265 | # | |
266 | # SYSLOG_REPORT=YES|NO | |
267 | # If set to yes, when denied hosts are recorded the report data | |
268 | # will be sent to syslog (syslog must be present on your system). | |
269 | # The default is: NO | |
270 | # | |
271 | #SYSLOG_REPORT=NO | |
272 | # | |
273 | #SYSLOG_REPORT=YES | |
274 | # | |
275 | ###################################################################### | |
276 | ||
0dd10d1d MB |
277 | ###################################################################### |
278 | # | |
279 | # ALLOWED_HOSTS_HOSTNAME_LOOKUP | |
280 | # | |
281 | # ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO | |
282 | # If set to YES, for each entry in the WORK_DIR/allowed-hosts file, | |
283 | # the hostname will be looked up. If your versions of tcp_wrappers | |
284 | # and sshd sometimes log hostnames in addition to ip addresses | |
285 | # then you may wish to specify this option. | |
286 | # | |
287 | #ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO | |
288 | # | |
289 | ###################################################################### | |
290 | ||
291 | ###################################################################### | |
292 | # | |
293 | # AGE_RESET_VALID: Specifies the period of time between failed login | |
294 | # attempts that, when exceeded will result in the failed count for | |
295 | # this host to be reset to 0. This value applies to login attempts | |
296 | # to all valid users (those within /etc/passwd) with the | |
297 | # exception of root. If not defined, this count will never | |
298 | # be reset. | |
299 | # | |
300 | # See the comments in the PURGE_DENY section (above) | |
301 | # for details on specifying this value or for complete details | |
302 | # refer to: http://denyhosts.sourceforge.net/faq.html#timespec | |
303 | # | |
304 | AGE_RESET_VALID=5d | |
305 | # | |
306 | ###################################################################### | |
307 | ||
308 | ###################################################################### | |
309 | # | |
310 | # AGE_RESET_ROOT: Specifies the period of time between failed login | |
311 | # attempts that, when exceeded will result in the failed count for | |
312 | # this host to be reset to 0. This value applies to all login | |
313 | # attempts to the "root" user account. If not defined, | |
314 | # this count will never be reset. | |
315 | # | |
316 | # See the comments in the PURGE_DENY section (above) | |
317 | # for details on specifying this value or for complete details | |
318 | # refer to: http://denyhosts.sourceforge.net/faq.html#timespec | |
319 | # | |
320 | AGE_RESET_ROOT=25d | |
321 | # | |
322 | ###################################################################### | |
323 | ||
c3be9809 RT |
324 | ###################################################################### |
325 | # | |
326 | # AGE_RESET_RESTRICTED: Specifies the period of time between failed login | |
327 | # attempts that, when exceeded will result in the failed count for | |
328 | # this host to be reset to 0. This value applies to all login | |
329 | # attempts to entries found in the WORK_DIR/restricted-usernames file. | |
330 | # If not defined, the count will never be reset. | |
331 | # | |
332 | # See the comments in the PURGE_DENY section (above) | |
333 | # for details on specifying this value or for complete details | |
334 | # refer to: http://denyhosts.sourceforge.net/faq.html#timespec | |
335 | # | |
336 | AGE_RESET_RESTRICTED=25d | |
337 | # | |
338 | ###################################################################### | |
339 | ||
0dd10d1d MB |
340 | ###################################################################### |
341 | # | |
342 | # AGE_RESET_INVALID: Specifies the period of time between failed login | |
343 | # attempts that, when exceeded will result in the failed count for | |
344 | # this host to be reset to 0. This value applies to login attempts | |
345 | # made to any invalid username (those that do not appear | |
346 | # in /etc/passwd). If not defined, count will never be reset. | |
347 | # | |
348 | # See the comments in the PURGE_DENY section (above) | |
349 | # for details on specifying this value or for complete details | |
350 | # refer to: http://denyhosts.sourceforge.net/faq.html#timespec | |
351 | # | |
352 | AGE_RESET_INVALID=10d | |
353 | # | |
354 | ###################################################################### | |
355 | ||
c3be9809 RT |
356 | ###################################################################### |
357 | # | |
358 | # RESET_ON_SUCCESS: If this parameter is set to "yes" then the | |
359 | # failed count for the respective ip address will be reset to 0 | |
360 | # if the login is successful. | |
361 | # | |
362 | # The default is RESET_ON_SUCCESS = no | |
363 | # | |
364 | #RESET_ON_SUCCESS = yes | |
365 | # | |
366 | ##################################################################### | |
367 | ||
0dd10d1d MB |
368 | ###################################################################### |
369 | # | |
370 | # PLUGIN_DENY: If set, this value should point to an executable | |
371 | # program that will be invoked when a host is added to the | |
372 | # HOSTS_DENY file. This executable will be passed the host | |
373 | # that will be added as it's only argument. | |
374 | # | |
375 | #PLUGIN_DENY=/usr/bin/true | |
376 | # | |
377 | ###################################################################### | |
378 | ||
379 | ||
380 | ###################################################################### | |
381 | # | |
382 | # PLUGIN_PURGE: If set, this value should point to an executable | |
383 | # program that will be invoked when a host is removed from the | |
384 | # HOSTS_DENY file. This executable will be passed the host | |
385 | # that is to be purged as it's only argument. | |
386 | # | |
387 | #PLUGIN_PURGE=/usr/bin/true | |
388 | # | |
389 | ###################################################################### | |
390 | ||
400edb92 MB |
391 | ###################################################################### |
392 | # | |
393 | # USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain | |
394 | # a regular expression that can be used to identify additional | |
395 | # hackers for your particular ssh configuration. This functionality | |
396 | # extends the built-in regular expressions that DenyHosts uses. | |
397 | # This parameter can be specified multiple times. | |
398 | # See this faq entry for more details: | |
399 | # http://denyhosts.sf.net/faq.html#userdef_regex | |
400 | # | |
401 | #USERDEF_FAILED_ENTRY_REGEX= | |
402 | # | |
403 | # | |
404 | ###################################################################### | |
405 | ||
406 | ||
407 | ||
0dd10d1d MB |
408 | |
409 | ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ########## | |
6b557d34 | 410 | |
411 | ||
400edb92 | 412 | |
6b557d34 | 413 | ####################################################################### |
414 | # | |
415 | # DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag) | |
416 | # this is the logfile that DenyHosts uses to report it's status. | |
417 | # To disable logging, leave blank. (default is: /var/log/denyhosts) | |
418 | # | |
419 | DAEMON_LOG = /var/log/denyhosts | |
420 | # | |
421 | # disable logging: | |
422 | #DAEMON_LOG = | |
423 | # | |
424 | ###################################################################### | |
425 | ||
0dd10d1d MB |
426 | ####################################################################### |
427 | # | |
428 | # DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode | |
429 | # (--daemon flag) this specifies the timestamp format of | |
430 | # the DAEMON_LOG messages (default is the ISO8061 format: | |
431 | # ie. 2005-07-22 10:38:01,745) | |
432 | # | |
433 | # for possible values for this parameter refer to: man strftime | |
434 | # | |
435 | # Jan 1 13:05:59 | |
436 | #DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S | |
437 | # | |
438 | # Jan 1 01:05:59 | |
439 | #DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S | |
440 | # | |
441 | ###################################################################### | |
400edb92 MB |
442 | |
443 | ####################################################################### | |
444 | # | |
445 | # DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode | |
446 | # (--daemon flag) this specifies the message format of each logged | |
447 | # entry. By default the following format is used: | |
448 | # | |
449 | # %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s | |
450 | # | |
451 | # Where the "%(asctime)s" portion is expanded to the format | |
452 | # defined by DAEMON_LOG_TIME_FORMAT | |
453 | # | |
454 | # This string is passed to python's logging.Formatter contstuctor. | |
455 | # For details on the possible format types please refer to: | |
456 | # http://docs.python.org/lib/node357.html | |
457 | # | |
458 | # This is the default: | |
459 | #DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s | |
460 | # | |
461 | # | |
462 | ###################################################################### | |
463 | ||
0dd10d1d | 464 | |
6b557d34 | 465 | ####################################################################### |
466 | # | |
467 | # DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag) | |
468 | # this is the amount of time DenyHosts will sleep between polling | |
0dd10d1d MB |
469 | # the SECURE_LOG. See the comments in the PURGE_DENY section (above) |
470 | # for details on specifying this value or for complete details | |
471 | # refer to: http://denyhosts.sourceforge.net/faq.html#timespec | |
472 | # | |
6b557d34 | 473 | # |
358bb9bc | 474 | DAEMON_SLEEP = 30s |
6b557d34 | 475 | # |
476 | ####################################################################### | |
477 | ||
478 | ####################################################################### | |
479 | # | |
0dd10d1d | 480 | # DAEMON_PURGE: How often should DenyHosts, when run in daemon mode, |
6b557d34 | 481 | # run the purge mechanism to expire old entries in HOSTS_DENY |
6b557d34 | 482 | # This has no effect if PURGE_DENY is blank. |
483 | # | |
484 | DAEMON_PURGE = 60 | |
485 | # | |
486 | ####################################################################### | |
487 | ||
400edb92 MB |
488 | |
489 | ######### THESE SETTINGS ARE SPECIFIC TO ########## | |
490 | ######### DAEMON SYNCHRONIZATION ########## | |
491 | ||
492 | ||
493 | ####################################################################### | |
494 | # | |
495 | # Synchronization mode allows the DenyHosts daemon the ability | |
496 | # to periodically send and receive denied host data such that | |
497 | # DenyHosts daemons worldwide can automatically inform one | |
498 | # another regarding banned hosts. This mode is disabled by | |
499 | # default, you must uncomment SYNC_SERVER to enable this mode. | |
500 | # | |
501 | # for more information, please refer to: | |
502 | # http:/denyhosts.sourceforge.net/faq.html#sync | |
503 | # | |
504 | ####################################################################### | |
505 | ||
506 | ||
507 | ####################################################################### | |
508 | # | |
509 | # SYNC_SERVER: The central server that communicates with DenyHost | |
510 | # daemons. Currently, denyhosts.net is the only available server | |
511 | # however, in the future, it may be possible for organizations to | |
512 | # install their own server for internal network synchronization | |
513 | # | |
514 | # To disable synchronization (the default), do nothing. | |
515 | # | |
516 | # To enable synchronization, you must uncomment the following line: | |
517 | #SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 | |
518 | # | |
519 | ####################################################################### | |
520 | ||
521 | ####################################################################### | |
522 | # | |
523 | # SYNC_INTERVAL: the interval of time to perform synchronizations if | |
524 | # SYNC_SERVER has been uncommented. The default is 1 hour. | |
525 | # | |
526 | #SYNC_INTERVAL = 1h | |
527 | # | |
528 | ####################################################################### | |
529 | ||
530 | ||
531 | ####################################################################### | |
532 | # | |
533 | # SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have | |
534 | # been denied? This option only applies if SYNC_SERVER has | |
535 | # been uncommented. | |
c3be9809 | 536 | # The default is SYNC_UPLOAD = yes |
400edb92 MB |
537 | # |
538 | #SYNC_UPLOAD = no | |
400edb92 MB |
539 | #SYNC_UPLOAD = yes |
540 | # | |
541 | ####################################################################### | |
542 | ||
543 | ||
544 | ####################################################################### | |
545 | # | |
546 | # SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have | |
547 | # been denied by others? This option only applies if SYNC_SERVER has | |
548 | # been uncommented. | |
c3be9809 | 549 | # The default is SYNC_DOWNLOAD = yes |
400edb92 MB |
550 | # |
551 | #SYNC_DOWNLOAD = no | |
400edb92 MB |
552 | #SYNC_DOWNLOAD = yes |
553 | # | |
554 | ####################################################################### | |
555 | ||
556 | ####################################################################### | |
557 | # | |
558 | # SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this paramter | |
559 | # filters the returned hosts to those that have been blocked this many | |
560 | # times by others. That is, if set to 1, then if a single DenyHosts | |
561 | # server has denied an ip address then you will receive the denied host. | |
c3be9809 RT |
562 | # |
563 | # See also SYNC_DOWNLOAD_RESILIENCY | |
400edb92 MB |
564 | # |
565 | #SYNC_DOWNLOAD_THRESHOLD = 10 | |
566 | # | |
c3be9809 | 567 | # The default is SYNC_DOWNLOAD_THRESHOLD = 3 |
400edb92 MB |
568 | #SYNC_DOWNLOAD_THRESHOLD = 3 |
569 | # | |
570 | ####################################################################### | |
571 | ||
c3be9809 RT |
572 | ####################################################################### |
573 | # | |
574 | # SYNC_DOWNLOAD_RESILIENCY: If SYNC_DOWNLOAD is enabled then the | |
575 | # value specified for this option limits the downloaded data | |
576 | # to this resiliency period or greater. | |
577 | # | |
578 | # Resiliency is defined as the timespan between a hackers first known | |
579 | # attack and it's most recent attack. Example: | |
580 | # | |
581 | # If the centralized denyhosts.net server records an attack at 2 PM | |
582 | # and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h | |
583 | # will not download this ip address. | |
584 | # | |
585 | # However, if the attacker is recorded again at 6:15 PM then the | |
586 | # ip address will be downloaded by your DenyHosts instance. | |
587 | # | |
588 | # This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD | |
589 | # and only hosts that satisfy both values will be downloaded. | |
590 | # This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1 | |
591 | # | |
592 | # The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours) | |
593 | # | |
594 | # Only obtain hackers that have been at it for 2 days or more: | |
595 | #SYNC_DOWNLOAD_RESILIENCY = 2d | |
596 | # | |
597 | # Only obtain hackers that have been at it for 5 hours or more: | |
598 | #SYNC_DOWNLOAD_RESILIENCY = 5h | |
599 | # | |
600 | ####################################################################### | |
400edb92 | 601 |