Commit | Line | Data |
---|---|---|
6b557d34 | 1 | ############ THESE SETTINGS ARE REQUIRED ############ |
cb64b9ac | 2 | |
3 | ######################################################################## | |
4 | # | |
5 | # SECURE_LOG: the log file that contains sshd logging info | |
6 | # if you are not sure, grep "sshd:" /var/log/* | |
7 | # | |
8 | # The file to process can be overridden with the --file command line | |
9 | # argument | |
10 | # | |
0dd10d1d | 11 | # Redhat or Fedora Core: |
cb64b9ac | 12 | SECURE_LOG = /var/log/secure |
13 | # | |
0dd10d1d | 14 | # Mandrake, FreeBSD or OpenBSD: |
cb64b9ac | 15 | #SECURE_LOG = /var/log/auth.log |
16 | # | |
17 | # SuSE: | |
18 | #SECURE_LOG = /var/log/messages | |
19 | # | |
99447933 | 20 | # Mac OS X (v10.4 or greater) - |
55eeb5c2 RT |
21 | # also refer to: http://www.denyhosts.net/faq.html#macos |
22 | #SECURE_LOG = /private/var/log/asl.log | |
23 | # | |
24 | # Mac OS X (v10.3 or earlier): | |
25 | #SECURE_LOG=/private/var/log/system.log | |
26 | # | |
cb64b9ac | 27 | ######################################################################## |
28 | ||
29 | ######################################################################## | |
99447933 | 30 | # |
cb64b9ac | 31 | # HOSTS_DENY: the file which contains restricted host access information |
32 | # | |
6b557d34 | 33 | # Most operating systems: |
cb64b9ac | 34 | HOSTS_DENY = /etc/tcpd/hosts.deny |
35 | # | |
6b557d34 | 36 | # Some BSD (FreeBSD) Unixes: |
37 | #HOSTS_DENY = /etc/hosts.allow | |
38 | # | |
39 | # Another possibility (also see the next option): | |
40 | #HOSTS_DENY = /etc/hosts.evil | |
41 | ####################################################################### | |
42 | ||
99447933 | 43 | |
6b557d34 | 44 | ######################################################################## |
99447933 | 45 | # |
6b557d34 | 46 | # PURGE_DENY: remove HOSTS_DENY entries that are older than this time |
47 | # when DenyHosts is invoked with the --purge flag | |
48 | # | |
49 | # format is: i[dhwmy] | |
50 | # Where 'i' is an integer (eg. 7) | |
51 | # 'm' = minutes | |
52 | # 'h' = hours | |
53 | # 'd' = days | |
54 | # 'w' = weeks | |
55 | # 'y' = years | |
56 | # | |
57 | # never purge: | |
58 | PURGE_DENY = | |
59 | # | |
60 | # purge entries older than 1 week | |
61 | #PURGE_DENY = 1w | |
62 | # | |
63 | # purge entries older than 5 days | |
64 | #PURGE_DENY = 5d | |
cb64b9ac | 65 | ####################################################################### |
66 | ||
55eeb5c2 RT |
67 | ####################################################################### |
68 | # | |
99447933 MB |
69 | # PURGE_THRESHOLD: defines the maximum number of times a host will be purged. |
70 | # Once this value has been exceeded then this host will not be purged. | |
55eeb5c2 RT |
71 | # Setting this parameter to 0 (the default) disables this feature. |
72 | # | |
73 | # default: a denied host can be purged/re-added indefinitely | |
74 | #PURGE_THRESHOLD = 0 | |
75 | # | |
99447933 MB |
76 | # a denied host will be purged at most 2 times. |
77 | #PURGE_THRESHOLD = 2 | |
55eeb5c2 RT |
78 | # |
79 | ####################################################################### | |
80 | ||
99447933 | 81 | |
cb64b9ac | 82 | ####################################################################### |
99447933 | 83 | # |
cb64b9ac | 84 | # BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY |
85 | # | |
400edb92 | 86 | # man 5 hosts_access for details |
cb64b9ac | 87 | # |
6b557d34 | 88 | # eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1 |
cb64b9ac | 89 | # |
90 | # To block all services for the offending host: | |
91 | #BLOCK_SERVICE = ALL | |
92 | # To block only sshd: | |
6b557d34 | 93 | BLOCK_SERVICE = sshd |
94 | # To only record the offending host and nothing else (if using | |
95 | # an auxiliary file to list the hosts). Refer to: | |
96 | # http://denyhosts.sourceforge.net/faq.html#aux | |
97 | #BLOCK_SERVICE = | |
cb64b9ac | 98 | # |
99 | ####################################################################### | |
100 | ||
99447933 | 101 | |
cb64b9ac | 102 | ####################################################################### |
103 | # | |
0dd10d1d MB |
104 | # DENY_THRESHOLD_INVALID: block each host after the number of failed login |
105 | # attempts has exceeded this value. This value applies to invalid | |
106 | # user login attempts (eg. non-existent user accounts) | |
cb64b9ac | 107 | # |
0dd10d1d | 108 | DENY_THRESHOLD_INVALID = 3 |
cb64b9ac | 109 | # |
110 | ####################################################################### | |
111 | ||
0dd10d1d MB |
112 | ####################################################################### |
113 | # | |
114 | # DENY_THRESHOLD_VALID: block each host after the number of failed | |
115 | # login attempts has exceeded this value. This value applies to valid | |
116 | # user login attempts (eg. user accounts that exist in /etc/passwd) except | |
117 | # for the "root" user | |
118 | # | |
119 | DENY_THRESHOLD_VALID = 10 | |
120 | # | |
121 | ####################################################################### | |
122 | ||
123 | ####################################################################### | |
124 | # | |
125 | # DENY_THRESHOLD_ROOT: block each host after the number of failed | |
126 | # login attempts has exceeded this value. This value applies to | |
127 | # "root" user login attempts only. | |
128 | # | |
129 | DENY_THRESHOLD_ROOT = 1 | |
130 | # | |
131 | ####################################################################### | |
132 | ||
99447933 | 133 | |
c3be9809 RT |
134 | ####################################################################### |
135 | # | |
99447933 MB |
136 | # DENY_THRESHOLD_RESTRICTED: block each host after the number of failed |
137 | # login attempts has exceeded this value. This value applies to | |
c3be9809 RT |
138 | # usernames that appear in the WORK_DIR/restricted-usernames file only. |
139 | # | |
140 | DENY_THRESHOLD_RESTRICTED = 1 | |
141 | # | |
142 | ####################################################################### | |
0dd10d1d | 143 | |
99447933 | 144 | |
cb64b9ac | 145 | ####################################################################### |
146 | # | |
147 | # WORK_DIR: the path that DenyHosts will use for writing data to | |
0dd10d1d MB |
148 | # (it will be created if it does not already exist). |
149 | # | |
c3be9809 RT |
150 | # Note: it is recommended that you use an absolute pathname |
151 | # for this value (eg. /home/foo/denyhosts/data) | |
6b557d34 | 152 | # |
153 | WORK_DIR = /var/lib/DenyHosts | |
cb64b9ac | 154 | # |
155 | ####################################################################### | |
156 | ||
6b557d34 | 157 | ####################################################################### |
158 | # | |
159 | # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS | |
160 | # | |
161 | # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO | |
162 | # If set to YES, a suspicious login attempt that originates from an allowed-host | |
163 | # is still reported as suspicious. If this is NO, then suspicious logins | |
164 | # from allowed-hosts will not be reported. All suspicious logins from | |
165 | # ip addresses that are not in allowed-hosts will always be reported. | |
166 | # | |
167 | SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES | |
168 | ###################################################################### | |
169 | ||
170 | ###################################################################### | |
171 | # | |
172 | # HOSTNAME_LOOKUP | |
173 | # | |
174 | # HOSTNAME_LOOKUP=YES|NO | |
175 | # If set to YES, for each IP address that is reported by Denyhosts, | |
176 | # the corresponding hostname will be looked up and reported as well | |
177 | # (if available). | |
178 | # | |
179 | HOSTNAME_LOOKUP=YES | |
0dd10d1d | 180 | # |
6b557d34 | 181 | ###################################################################### |
cb64b9ac | 182 | |
99447933 | 183 | |
6b557d34 | 184 | ###################################################################### |
185 | # | |
186 | # LOCK_FILE | |
187 | # | |
188 | # LOCK_FILE=/path/denyhosts | |
189 | # If this file exists when DenyHosts is run, then DenyHosts will exit | |
190 | # immediately. Otherwise, this file will be created upon invocation | |
191 | # and deleted upon exit. This ensures that only one instance is | |
192 | # running at a time. | |
193 | # | |
194 | # Redhat/Fedora: | |
195 | LOCK_FILE = /var/lock/subsys/denyhosts | |
196 | # | |
0dd10d1d MB |
197 | # Debian |
198 | #LOCK_FILE = /var/run/denyhosts.pid | |
199 | # | |
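200 | # Misc (a lock file in world-writable /tmp can be pre-created by any local user, which keeps DenyHosts from starting; prefer a root-owned directory) | |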
6b557d34 | 201 | #LOCK_FILE = /tmp/denyhosts.lock |
0dd10d1d | 202 | # |
6b557d34 | 203 | ###################################################################### |
204 | ||
205 | ||
206 | ############ THESE SETTINGS ARE OPTIONAL ############ | |
cb64b9ac | 207 | |
208 | ||
209 | ####################################################################### | |
210 | # | |
211 | # ADMIN_EMAIL: if you would like to receive emails regarding newly | |
212 | # restricted hosts and suspicious logins, set this address to | |
213 | # match your email address. If you do not want to receive these reports | |
214 | # leave this field blank (or run with the --noemail option) | |
215 | # | |
99447933 MB |
216 | # Multiple email addresses can be delimited by a comma, eg: |
217 | # ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com | |
218 | # | |
cb64b9ac | 219 | ADMIN_EMAIL = root@localhost |
220 | # | |
221 | ####################################################################### | |
222 | ||
223 | ####################################################################### | |
224 | # | |
99447933 MB |
225 | # SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email |
226 | # reports (see ADMIN_EMAIL) then these settings specify the | |
358bb9bc | 227 | # email server address (SMTP_HOST) and the server port (SMTP_PORT) |
99447933 | 228 | # |
358bb9bc | 229 | # |
cb64b9ac | 230 | SMTP_HOST = localhost |
231 | SMTP_PORT = 25 | |
358bb9bc RT |
232 | # |
233 | ####################################################################### | |
234 | ||
235 | ####################################################################### | |
99447933 MB |
236 | # |
237 | # SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your | |
358bb9bc RT |
238 | # smtp email server requires authentication (the password is stored here in clear text, so keep this file readable by root only) |
239 | # | |
0dd10d1d MB |
240 | #SMTP_USERNAME=foo |
241 | #SMTP_PASSWORD=bar | |
cb64b9ac | 242 | # |
99447933 | 243 | ###################################################################### |
cb64b9ac | 244 | |
358bb9bc RT |
245 | ####################################################################### |
246 | # | |
247 | # SMTP_FROM: you can specify the "From:" address in messages sent | |
248 | # from DenyHosts when it reports thwarted abuse attempts | |
249 | # | |
250 | SMTP_FROM = DenyHosts <nobody@localhost> | |
251 | # | |
252 | ####################################################################### | |
253 | ||
254 | ####################################################################### | |
255 | # | |
256 | # SMTP_SUBJECT: you can specify the "Subject:" of messages sent | |
257 | # by DenyHosts when it reports thwarted abuse attempts | |
258 | SMTP_SUBJECT = DenyHosts Report | |
259 | # | |
260 | ###################################################################### | |
261 | ||
262 | ###################################################################### | |
263 | # | |
264 | # SMTP_DATE_FORMAT: specifies the format used for the "Date:" header | |
265 | # when sending email messages. | |
266 | # | |
267 | # for possible values for this parameter refer to: man strftime | |
268 | # | |
269 | # the default: | |
270 | # | |
271 | #SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z | |
272 | # | |
273 | ###################################################################### | |
274 | ||
55eeb5c2 RT |
275 | ###################################################################### |
276 | # | |
277 | # SYSLOG_REPORT | |
278 | # | |
279 | # SYSLOG_REPORT=YES|NO | |
280 | # If set to yes, when denied hosts are recorded the report data | |
281 | # will be sent to syslog (syslog must be present on your system). | |
282 | # The default is: NO | |
283 | # | |
284 | #SYSLOG_REPORT=NO | |
285 | # | |
286 | #SYSLOG_REPORT=YES | |
287 | # | |
288 | ###################################################################### | |
289 | ||
0dd10d1d MB |
290 | ###################################################################### |
291 | # | |
292 | # ALLOWED_HOSTS_HOSTNAME_LOOKUP | |
293 | # | |
294 | # ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO | |
295 | # If set to YES, for each entry in the WORK_DIR/allowed-hosts file, | |
296 | # the hostname will be looked up. If your versions of tcp_wrappers | |
297 | # and sshd sometimes log hostnames in addition to ip addresses | |
298 | # then you may wish to specify this option. | |
299 | # | |
300 | #ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO | |
301 | # | |
302 | ###################################################################### | |
303 | ||
304 | ###################################################################### | |
305 | # | |
306 | # AGE_RESET_VALID: Specifies the period of time between failed login | |
307 | # attempts that, when exceeded will result in the failed count for | |
308 | # this host to be reset to 0. This value applies to login attempts | |
309 | # to all valid users (those within /etc/passwd) with the | |
310 | # exception of root. If not defined, this count will never | |
311 | # be reset. | |
312 | # | |
313 | # See the comments in the PURGE_DENY section (above) | |
314 | # for details on specifying this value or for complete details | |
315 | # refer to: http://denyhosts.sourceforge.net/faq.html#timespec | |
316 | # | |
317 | AGE_RESET_VALID=5d | |
318 | # | |
319 | ###################################################################### | |
320 | ||
321 | ###################################################################### | |
322 | # | |
323 | # AGE_RESET_ROOT: Specifies the period of time between failed login | |
324 | # attempts that, when exceeded will result in the failed count for | |
325 | # this host to be reset to 0. This value applies to all login | |
326 | # attempts to the "root" user account. If not defined, | |
327 | # this count will never be reset. | |
328 | # | |
329 | # See the comments in the PURGE_DENY section (above) | |
330 | # for details on specifying this value or for complete details | |
331 | # refer to: http://denyhosts.sourceforge.net/faq.html#timespec | |
332 | # | |
333 | AGE_RESET_ROOT=25d | |
334 | # | |
335 | ###################################################################### | |
336 | ||
99447933 MB |
337 | ###################################################################### |
338 | # | |
c3be9809 | 339 | # AGE_RESET_RESTRICTED: Specifies the period of time between failed login |
99447933 MB |
340 | # attempts that, when exceeded will result in the failed count for |
341 | # this host to be reset to 0. This value applies to all login | |
342 | # attempts to entries found in the WORK_DIR/restricted-usernames file. | |
c3be9809 RT |
343 | # If not defined, the count will never be reset. |
344 | # | |
99447933 MB |
345 | # See the comments in the PURGE_DENY section (above) |
346 | # for details on specifying this value or for complete details | |
c3be9809 RT |
347 | # refer to: http://denyhosts.sourceforge.net/faq.html#timespec |
348 | # | |
349 | AGE_RESET_RESTRICTED=25d | |
350 | # | |
351 | ###################################################################### | |
352 | ||
99447933 | 353 | |
0dd10d1d MB |
354 | ###################################################################### |
355 | # | |
356 | # AGE_RESET_INVALID: Specifies the period of time between failed login | |
357 | # attempts that, when exceeded will result in the failed count for | |
358 | # this host to be reset to 0. This value applies to login attempts | |
359 | # made to any invalid username (those that do not appear | |
360 | # in /etc/passwd). If not defined, count will never be reset. | |
361 | # | |
362 | # See the comments in the PURGE_DENY section (above) | |
363 | # for details on specifying this value or for complete details | |
364 | # refer to: http://denyhosts.sourceforge.net/faq.html#timespec | |
365 | # | |
366 | AGE_RESET_INVALID=10d | |
367 | # | |
368 | ###################################################################### | |
369 | ||
99447933 | 370 | |
c3be9809 RT |
371 | ###################################################################### |
372 | # | |
373 | # RESET_ON_SUCCESS: If this parameter is set to "yes" then the | |
374 | # failed count for the respective ip address will be reset to 0 | |
99447933 | 375 | # if the login is successful. |
c3be9809 RT |
376 | # |
377 | # The default is RESET_ON_SUCCESS = no | |
378 | # | |
379 | #RESET_ON_SUCCESS = yes | |
380 | # | |
381 | ##################################################################### | |
382 | ||
99447933 | 383 | |
0dd10d1d MB |
384 | ###################################################################### |
385 | # | |
386 | # PLUGIN_DENY: If set, this value should point to an executable | |
387 | # program that will be invoked when a host is added to the | |
388 | # HOSTS_DENY file. This executable will be passed the host | |
389 | # that will be added as its only argument. | |
390 | # | |
391 | #PLUGIN_DENY=/usr/bin/true | |
392 | # | |
393 | ###################################################################### | |
394 | ||
395 | ||
396 | ###################################################################### | |
397 | # | |
398 | # PLUGIN_PURGE: If set, this value should point to an executable | |
399 | # program that will be invoked when a host is removed from the | |
400 | # HOSTS_DENY file. This executable will be passed the host | |
401 | # that is to be purged as its only argument. | |
402 | # | |
403 | #PLUGIN_PURGE=/usr/bin/true | |
404 | # | |
405 | ###################################################################### | |
406 | ||
400edb92 MB |
407 | ###################################################################### |
408 | # | |
409 | # USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain | |
410 | # a regular expression that can be used to identify additional | |
411 | # hackers for your particular ssh configuration. This functionality | |
412 | # extends the built-in regular expressions that DenyHosts uses. | |
413 | # This parameter can be specified multiple times. | |
414 | # See this faq entry for more details: | |
415 | # http://denyhosts.sf.net/faq.html#userdef_regex | |
416 | # | |
417 | #USERDEF_FAILED_ENTRY_REGEX= | |
418 | # | |
419 | # | |
420 | ###################################################################### | |
421 | ||
422 | ||
423 | ||
0dd10d1d MB |
424 | |
425 | ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ########## | |
6b557d34 | 426 | |
427 | ||
400edb92 | 428 | |
6b557d34 | 429 | ####################################################################### |
430 | # | |
431 | # DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag) | |
432 | # this is the logfile that DenyHosts uses to report its status. | |
433 | # To disable logging, leave blank. (default is: /var/log/denyhosts) | |
434 | # | |
435 | DAEMON_LOG = /var/log/denyhosts | |
436 | # | |
437 | # disable logging: | |
438 | #DAEMON_LOG = | |
439 | # | |
440 | ###################################################################### | |
441 | ||
0dd10d1d MB |
442 | ####################################################################### |
443 | # | |
444 | # DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode | |
445 | # (--daemon flag) this specifies the timestamp format of | |
446 | # the DAEMON_LOG messages (default is the ISO8601 format: | |
447 | # ie. 2005-07-22 10:38:01,745) | |
448 | # | |
449 | # for possible values for this parameter refer to: man strftime | |
450 | # | |
451 | # Jan 1 13:05:59 | |
452 | #DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S | |
453 | # | |
454 | # Jan 1 01:05:59 | |
455 | #DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S | |
456 | # | |
457 | ###################################################################### | |
400edb92 MB |
458 | |
459 | ####################################################################### | |
460 | # | |
461 | # DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode | |
462 | # (--daemon flag) this specifies the message format of each logged | |
463 | # entry. By default the following format is used: | |
464 | # | |
465 | # %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s | |
466 | # | |
467 | # Where the "%(asctime)s" portion is expanded to the format | |
468 | # defined by DAEMON_LOG_TIME_FORMAT | |
469 | # | |
470 | # This string is passed to python's logging.Formatter constructor. | |
471 | # For details on the possible format types please refer to: | |
472 | # http://docs.python.org/lib/node357.html | |
473 | # | |
474 | # This is the default: | |
475 | #DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s | |
476 | # | |
477 | # | |
478 | ###################################################################### | |
479 | ||
0dd10d1d | 480 | |
6b557d34 | 481 | ####################################################################### |
482 | # | |
483 | # DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag) | |
484 | # this is the amount of time DenyHosts will sleep between polling | |
0dd10d1d MB |
485 | # the SECURE_LOG. See the comments in the PURGE_DENY section (above) |
486 | # for details on specifying this value or for complete details | |
487 | # refer to: http://denyhosts.sourceforge.net/faq.html#timespec | |
488 | # | |
6b557d34 | 489 | # |
358bb9bc | 490 | DAEMON_SLEEP = 30s |
6b557d34 | 491 | # |
492 | ####################################################################### | |
493 | ||
494 | ####################################################################### | |
495 | # | |
0dd10d1d | 496 | # DAEMON_PURGE: How often should DenyHosts, when run in daemon mode, |
6b557d34 | 497 | # run the purge mechanism to expire old entries in HOSTS_DENY |
6b557d34 | 498 | # This has no effect if PURGE_DENY is blank. |
499 | # | |
500 | DAEMON_PURGE = 60 | |
501 | # | |
502 | ####################################################################### | |
503 | ||
400edb92 MB |
504 | |
505 | ######### THESE SETTINGS ARE SPECIFIC TO ########## | |
506 | ######### DAEMON SYNCHRONIZATION ########## | |
507 | ||
508 | ||
509 | ####################################################################### | |
510 | # | |
511 | # Synchronization mode allows the DenyHosts daemon the ability | |
512 | # to periodically send and receive denied host data such that | |
513 | # DenyHosts daemons worldwide can automatically inform one | |
514 | # another regarding banned hosts. This mode is disabled by | |
515 | # default, you must uncomment SYNC_SERVER to enable this mode. | |
516 | # | |
517 | # for more information, please refer to: | |
518 | # http://denyhosts.sourceforge.net/faq.html#sync | |
519 | # | |
520 | ####################################################################### | |
521 | ||
522 | ||
523 | ####################################################################### | |
524 | # | |
525 | # SYNC_SERVER: The central server that communicates with DenyHosts | |
526 | # daemons. Currently, denyhosts.net is the only available server; | |
527 | # however, in the future, it may be possible for organizations to | |
528 | # install their own server for internal network synchronization. | |
529 | # | |
530 | # To disable synchronization (the default), do nothing. | |
531 | # | |
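532 | # To enable synchronization, you must uncomment the following line (note that this URL is plain http, so host data exchanged with the server is not protected in transit): | |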
533 | #SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 | |
534 | # | |
535 | ####################################################################### | |
536 | ||
537 | ####################################################################### | |
538 | # | |
539 | # SYNC_INTERVAL: the interval of time to perform synchronizations if | |
540 | # SYNC_SERVER has been uncommented. The default is 1 hour. | |
541 | # | |
542 | #SYNC_INTERVAL = 1h | |
543 | # | |
544 | ####################################################################### | |
545 | ||
546 | ||
547 | ####################################################################### | |
548 | # | |
549 | # SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have | |
550 | # been denied? This option only applies if SYNC_SERVER has | |
551 | # been uncommented. | |
c3be9809 | 552 | # The default is SYNC_UPLOAD = yes |
400edb92 MB |
553 | # |
554 | #SYNC_UPLOAD = no | |
400edb92 MB |
555 | #SYNC_UPLOAD = yes |
556 | # | |
557 | ####################################################################### | |
558 | ||
559 | ||
560 | ####################################################################### | |
561 | # | |
562 | # SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have | |
563 | # been denied by others? This option only applies if SYNC_SERVER has | |
564 | # been uncommented. | |
c3be9809 | 565 | # The default is SYNC_DOWNLOAD = yes |
400edb92 MB |
566 | # |
567 | #SYNC_DOWNLOAD = no | |
400edb92 MB |
568 | #SYNC_DOWNLOAD = yes |
569 | # | |
99447933 MB |
570 | # |
571 | # | |
400edb92 MB |
572 | ####################################################################### |
573 | ||
574 | ####################################################################### | |
575 | # | |
576 | # SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this parameter | |
577 | # filters the returned hosts to those that have been blocked this many | |
578 | # times by others. That is, if set to 1, then if a single DenyHosts | |
579 | # server has denied an ip address then you will receive the denied host. | |
580 | # | |
99447933 MB |
581 | # See also SYNC_DOWNLOAD_RESILIENCY |
582 | # | |
400edb92 MB |
583 | #SYNC_DOWNLOAD_THRESHOLD = 10 |
584 | # | |
99447933 MB |
585 | # The default is SYNC_DOWNLOAD_THRESHOLD = 3 |
586 | # | |
400edb92 | 587 | #SYNC_DOWNLOAD_THRESHOLD = 3 |
99447933 | 588 | # |
400edb92 MB |
589 | ####################################################################### |
590 | ||
c3be9809 RT |
591 | ####################################################################### |
592 | # | |
593 | # SYNC_DOWNLOAD_RESILIENCY: If SYNC_DOWNLOAD is enabled then the | |
594 | # value specified for this option limits the downloaded data | |
595 | # to this resiliency period or greater. | |
596 | # | |
99447933 | 597 | # Resiliency is defined as the timespan between a hacker's first known |
c3be9809 | 598 | # attack and its most recent attack. Example: |
99447933 MB |
599 | # |
600 | # If the centralized denyhosts.net server records an attack at 2 PM | |
601 | # and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h | |
c3be9809 RT |
602 | # will not download this ip address. |
603 | # | |
99447933 MB |
604 | # However, if the attacker is recorded again at 6:15 PM then the |
605 | # ip address will be downloaded by your DenyHosts instance. | |
c3be9809 | 606 | # |
99447933 MB |
607 | # This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD |
608 | # and only hosts that satisfy both values will be downloaded. | |
609 | # This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1 | |
c3be9809 RT |
610 | # |
611 | # The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours) | |
612 | # | |
613 | # Only obtain hackers that have been at it for 2 days or more: | |
614 | #SYNC_DOWNLOAD_RESILIENCY = 2d | |
615 | # | |
616 | # Only obtain hackers that have been at it for 5 hours or more: | |
617 | #SYNC_DOWNLOAD_RESILIENCY = 5h | |
618 | # | |
619 | ####################################################################### | |
400edb92 | 620 |