# SuSE:
#SECURE_LOG = /var/log/messages
#
+# Mac OS X (v10.4 or greater -
+# also refer to: http://www.denyhosts.net/faq.html#macos
+#SECURE_LOG = /private/var/log/asl.log
+#
+# Mac OS X (v10.3 or earlier):
+#SECURE_LOG=/private/var/log/system.log
+#
########################################################################
########################################################################
+#
# HOSTS_DENY: the file which contains restricted host access information
#
# Most operating systems:
########################################################################
+#
# PURGE_DENY: removed HOSTS_DENY entries that are older than this time
# when DenyHosts is invoked with the --purge flag
#
#PURGE_DENY = 5d
#######################################################################
+#######################################################################
+#
+# PURGE_THRESHOLD: defines the maximum times a host will be purged.
+# Once this value has been exceeded then this host will not be purged.
+# Setting this parameter to 0 (the default) disables this feature.
+#
+# default: a denied host can be purged/re-added indefinitely
+#PURGE_THRESHOLD = 0
+#
+# a denied host will be purged at most 2 times.
+#PURGE_THRESHOLD = 2
+#
+#######################################################################
+
#######################################################################
+#
# BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
#
# man 5 hosts_access for details
#######################################################################
+#######################################################################
+#
+# DENY_THRESHOLD_RESTRICTED: block each host after the number of failed
+# login attempts has exceeded this value. This value applies to
+# usernames that appear in the WORK_DIR/restricted-usernames file only.
+#
+DENY_THRESHOLD_RESTRICTED = 1
+#
+#######################################################################
+
+
#######################################################################
#
# WORK_DIR: the path that DenyHosts will use for writing data to
# (it will be created if it does not already exist).
#
-# Note: when run in daemon mode, this directory should be specified
-# as an absolute path name (eg. /home/foo/denyhosts/data)
+# Note: it is recommended that you use an absolute pathname
+# for this value (eg. /home/foo/denyhosts/data)
#
WORK_DIR = /var/lib/DenyHosts
#
# match your email address. If you do not want to receive these reports
# leave this field blank (or run with the --noemail option)
#
+# Multiple email addresses can be delimited by a comma, eg:
+# ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com
+#
ADMIN_EMAIL = root@localhost
#
#######################################################################
#######################################################################
#
+# SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email
+# reports (see ADMIN_EMAIL) then these settings specify the
+# email server address (SMTP_HOST) and the server port (SMTP_PORT)
+#
+#
SMTP_HOST = localhost
SMTP_PORT = 25
-SMTP_FROM = DenyHosts <nobody@localhost>
-SMTP_SUBJECT = DenyHosts Report
+#
+#######################################################################
+
+#######################################################################
+#
+# SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your
+# smtp email server requires authentication
+#
#SMTP_USERNAME=foo
#SMTP_PASSWORD=bar
#
+######################################################################
+
+#######################################################################
+#
+# SMTP_FROM: you can specify the "From:" address in messages sent
+# from DenyHosts when it reports thwarted abuse attempts
+#
+SMTP_FROM = DenyHosts <nobody@localhost>
+#
+#######################################################################
+
#######################################################################
+#
+# SMTP_SUBJECT: you can specify the "Subject:" of messages sent
+# by DenyHosts when it reports thwarted abuse attempts
+SMTP_SUBJECT = DenyHosts Report
+#
+######################################################################
+
+######################################################################
+#
+# SMTP_DATE_FORMAT: specifies the format used for the "Date:" header
+# when sending email messages.
+#
+# for possible values for this parameter refer to: man strftime
+#
+# the default:
+#
+#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
+#
+######################################################################
+
+######################################################################
+#
+# SYSLOG_REPORT
+#
+# SYSLOG_REPORT=YES|NO
+# If set to yes, when denied hosts are recorded the report data
+# will be sent to syslog (syslog must be present on your system).
+# The default is: NO
+#
+#SYSLOG_REPORT=NO
+#
+#SYSLOG_REPORT=YES
+#
+######################################################################
######################################################################
#
#
######################################################################
+######################################################################
+#
+# AGE_RESET_RESTRICTED: Specifies the period of time between failed login
+# attempts that, when exceeded will result in the failed count for
+# this host to be reset to 0. This value applies to all login
+# attempts to entries found in the WORK_DIR/restricted-usernames file.
+# If not defined, the count will never be reset.
+#
+# See the comments in the PURGE_DENY section (above)
+# for details on specifying this value or for complete details
+# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
+#
+AGE_RESET_RESTRICTED=25d
+#
+######################################################################
+
+
######################################################################
#
# AGE_RESET_INVALID: Specifies the period of time between failed login
#
######################################################################
+
+######################################################################
+#
+# RESET_ON_SUCCESS: If this parameter is set to "yes" then the
+# failed count for the respective ip address will be reset to 0
+# if the login is successful.
+#
+# The default is RESET_ON_SUCCESS = no
+#
+#RESET_ON_SUCCESS = yes
+#
+#####################################################################
+
+
######################################################################
#
# PLUGIN_DENY: If set, this value should point to an executable
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
#
#
-DAEMON_SLEEP = 30
+DAEMON_SLEEP = 30s
#
#######################################################################
# SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have
# been denied? This option only applies if SYNC_SERVER has
# been uncommented.
+# The default is SYNC_UPLOAD = yes
#
#SYNC_UPLOAD = no
-#
-# the default:
#SYNC_UPLOAD = yes
#
#######################################################################
# SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have
# been denied by others? This option only applies if SYNC_SERVER has
# been uncommented.
+# The default is SYNC_DOWNLOAD = yes
#
#SYNC_DOWNLOAD = no
-#
-# the default:
#SYNC_DOWNLOAD = yes
#
+#
+#
#######################################################################
#######################################################################
# times by others. That is, if set to 1, then if a single DenyHosts
# server has denied an ip address then you will receive the denied host.
#
+# See also SYNC_DOWNLOAD_RESILIENCY
+#
#SYNC_DOWNLOAD_THRESHOLD = 10
#
-# the default:
+# The default is SYNC_DOWNLOAD_THRESHOLD = 3
+#
#SYNC_DOWNLOAD_THRESHOLD = 3
-#
+#
#######################################################################
+#######################################################################
+#
+# SYNC_DOWNLOAD_RESILIENCY: If SYNC_DOWNLOAD is enabled then the
+# value specified for this option limits the downloaded data
+# to this resiliency period or greater.
+#
+# Resiliency is defined as the timespan between a hackers first known
+# attack and it's most recent attack. Example:
+#
+# If the centralized denyhosts.net server records an attack at 2 PM
+# and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h
+# will not download this ip address.
+#
+# However, if the attacker is recorded again at 6:15 PM then the
+# ip address will be downloaded by your DenyHosts instance.
+#
+# This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD
+# and only hosts that satisfy both values will be downloaded.
+# This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1
+#
+# The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours)
+#
+# Only obtain hackers that have been at it for 2 days or more:
+#SYNC_DOWNLOAD_RESILIENCY = 2d
+#
+# Only obtain hackers that have been at it for 5 hours or more:
+#SYNC_DOWNLOAD_RESILIENCY = 5h
+#
+#######################################################################