1 ############ THESE SETTINGS ARE REQUIRED ############
3 ########################################################################
5 # SECURE_LOG: the log file that contains sshd logging info
6 # if you are not sure, grep "sshd:" /var/log/*
8 # The file to process can be overridden with the --file command line
11 # Redhat or Fedora Core:
12 SECURE_LOG = /var/log/secure
14 # Mandrake, FreeBSD or OpenBSD:
15 #SECURE_LOG = /var/log/auth.log
18 #SECURE_LOG = /var/log/messages
20 # Mac OS X (v10.4 or greater) -
21 # also refer to: http://www.denyhosts.net/faq.html#macos
22 #SECURE_LOG = /private/var/log/asl.log
24 # Mac OS X (v10.3 or earlier):
25 #SECURE_LOG=/private/var/log/system.log
27 ########################################################################
29 ########################################################################
31 # HOSTS_DENY: the file which contains restricted host access information
33 # Most operating systems:
34 HOSTS_DENY = /etc/tcpd/hosts.deny
36 # Some BSD (FreeBSD) Unixes:
37 #HOSTS_DENY = /etc/hosts.allow
39 # Another possibility (also see the next option):
40 #HOSTS_DENY = /etc/hosts.evil
41 #######################################################################
44 ########################################################################
46 # PURGE_DENY: remove HOSTS_DENY entries that are older than this time
47 # when DenyHosts is invoked with the --purge flag
50 # Where 'i' is an integer (eg. 7)
60 # purge entries older than 1 week
63 # purge entries older than 5 days
65 #######################################################################
67 #######################################################################
69 # PURGE_THRESHOLD: defines the maximum number of times a host will be purged.
70 # Once this value has been exceeded, the host will no longer be purged.
71 # Setting this parameter to 0 (the default) disables this feature.
73 # default: a denied host can be purged/re-added indefinitely
76 # a denied host will be purged at most 2 times.
79 #######################################################################
82 #######################################################################
84 # BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
86 # man 5 hosts_access for details
88 # eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1
90 # To block all services for the offending host:
94 # To only record the offending host and nothing else (if using
95 # an auxiliary file to list the hosts). Refer to:
96 # http://denyhosts.sourceforge.net/faq.html#aux
99 #######################################################################
102 #######################################################################
104 # DENY_THRESHOLD_INVALID: block each host after the number of failed login
105 # attempts has exceeded this value. This value applies to invalid
106 # user login attempts (eg. non-existent user accounts)
108 DENY_THRESHOLD_INVALID = 3
110 #######################################################################
112 #######################################################################
114 # DENY_THRESHOLD_VALID: block each host after the number of failed
115 # login attempts has exceeded this value. This value applies to valid
116 # user login attempts (eg. user accounts that exist in /etc/passwd) except
117 # for the "root" user
119 DENY_THRESHOLD_VALID = 10
121 #######################################################################
123 #######################################################################
125 # DENY_THRESHOLD_ROOT: block each host after the number of failed
126 # login attempts has exceeded this value. This value applies to
127 # "root" user login attempts only.
129 DENY_THRESHOLD_ROOT = 1
131 #######################################################################
134 #######################################################################
136 # DENY_THRESHOLD_RESTRICTED: block each host after the number of failed
137 # login attempts has exceeded this value. This value applies to
138 # usernames that appear in the WORK_DIR/restricted-usernames file only.
140 DENY_THRESHOLD_RESTRICTED = 1
142 #######################################################################
145 #######################################################################
147 # WORK_DIR: the path that DenyHosts will use for writing data to
148 # (it will be created if it does not already exist).
150 # Note: it is recommended that you use an absolute pathname
151 # for this value (eg. /home/foo/denyhosts/data)
153 WORK_DIR = /var/lib/DenyHosts
155 #######################################################################
157 #######################################################################
159 # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS
161 # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO
162 # If set to YES, a suspicious login attempt that comes from an allowed-host
163 # is still considered suspicious. If this is NO, then suspicious logins
164 # from allowed-hosts will not be reported. All suspicious logins from
165 # ip addresses that are not in allowed-hosts will always be reported.
167 SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
168 ######################################################################
170 ######################################################################
174 # HOSTNAME_LOOKUP=YES|NO
175 # If set to YES, for each IP address that is reported by DenyHosts,
176 # the corresponding hostname will be looked up and reported as well
181 ######################################################################
184 ######################################################################
188 # LOCK_FILE=/path/denyhosts
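189 # If this file exists when DenyHosts is run, then DenyHosts will exit immediately. Otherwise, this file will be
190 # created upon invocation and deleted upon exit. This ensures that only one instance is running at a time. Any file
191 # left at this path keeps DenyHosts from starting, so use a directory that only root can write to rather than a shared one such as /tmp.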
195 LOCK_FILE = /var/lock/subsys/denyhosts
198 #LOCK_FILE = /var/run/denyhosts.pid
201 #LOCK_FILE = /tmp/denyhosts.lock
203 ######################################################################
206 ############ THESE SETTINGS ARE OPTIONAL ############
209 #######################################################################
211 # ADMIN_EMAIL: if you would like to receive emails regarding newly
212 # restricted hosts and suspicious logins, set this address to
213 # match your email address. If you do not want to receive these reports
214 # leave this field blank (or run with the --noemail option)
216 # Multiple email addresses can be delimited by a comma, eg:
217 # ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com
219 ADMIN_EMAIL = root@localhost
221 #######################################################################
223 #######################################################################
225 # SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email
226 # reports (see ADMIN_EMAIL) then these settings specify the
227 # email server address (SMTP_HOST) and the server port (SMTP_PORT)
230 SMTP_HOST = localhost
233 #######################################################################
235 #######################################################################
237 # SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your
238 # smtp email server requires authentication. The password is stored in this file as plain text, so keep the file readable by root only.
243 ######################################################################
245 #######################################################################
247 # SMTP_FROM: you can specify the "From:" address in messages sent
248 # from DenyHosts when it reports thwarted abuse attempts
250 SMTP_FROM = DenyHosts <nobody@localhost>
252 #######################################################################
254 #######################################################################
256 # SMTP_SUBJECT: you can specify the "Subject:" of messages sent
257 # by DenyHosts when it reports thwarted abuse attempts
258 SMTP_SUBJECT = DenyHosts Report
260 ######################################################################
262 ######################################################################
264 # SMTP_DATE_FORMAT: specifies the format used for the "Date:" header
265 # when sending email messages.
267 # for possible values for this parameter refer to: man strftime
271 #SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
273 ######################################################################
275 ######################################################################
279 # SYSLOG_REPORT=YES|NO
280 # If set to yes, when denied hosts are recorded the report data
281 # will be sent to syslog (syslog must be present on your system).
288 ######################################################################
290 ######################################################################
292 # ALLOWED_HOSTS_HOSTNAME_LOOKUP
294 # ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO
295 # If set to YES, for each entry in the WORK_DIR/allowed-hosts file,
296 # the hostname will be looked up. If your versions of tcp_wrappers
297 # and sshd sometimes log hostnames in addition to ip addresses
298 # then you may wish to specify this option.
300 #ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
302 ######################################################################
304 ######################################################################
306 # AGE_RESET_VALID: Specifies the period of time between failed login
307 # attempts that, when exceeded will result in the failed count for
308 # this host to be reset to 0. This value applies to login attempts
309 # to all valid users (those within /etc/passwd) with the
310 # exception of root. If not defined, this count will never be reset.
313 # See the comments in the PURGE_DENY section (above)
314 # for details on specifying this value or for complete details
315 # refer to: http://denyhosts.sourceforge.net/faq.html#timespec
319 ######################################################################
321 ######################################################################
323 # AGE_RESET_ROOT: Specifies the period of time between failed login
324 # attempts that, when exceeded will result in the failed count for
325 # this host to be reset to 0. This value applies to all login
326 # attempts to the "root" user account. If not defined,
327 # this count will never be reset.
329 # See the comments in the PURGE_DENY section (above)
330 # for details on specifying this value or for complete details
331 # refer to: http://denyhosts.sourceforge.net/faq.html#timespec
335 ######################################################################
337 ######################################################################
339 # AGE_RESET_RESTRICTED: Specifies the period of time between failed login
340 # attempts that, when exceeded will result in the failed count for
341 # this host to be reset to 0. This value applies to all login
342 # attempts to entries found in the WORK_DIR/restricted-usernames file.
343 # If not defined, the count will never be reset.
345 # See the comments in the PURGE_DENY section (above)
346 # for details on specifying this value or for complete details
347 # refer to: http://denyhosts.sourceforge.net/faq.html#timespec
349 AGE_RESET_RESTRICTED=25d
351 ######################################################################
354 ######################################################################
356 # AGE_RESET_INVALID: Specifies the period of time between failed login
357 # attempts that, when exceeded will result in the failed count for
358 # this host to be reset to 0. This value applies to login attempts
359 # made to any invalid username (those that do not appear
360 # in /etc/passwd). If not defined, count will never be reset.
362 # See the comments in the PURGE_DENY section (above)
363 # for details on specifying this value or for complete details
364 # refer to: http://denyhosts.sourceforge.net/faq.html#timespec
366 AGE_RESET_INVALID=10d
368 ######################################################################
371 ######################################################################
373 # RESET_ON_SUCCESS: If this parameter is set to "yes" then the
374 # failed count for the respective ip address will be reset to 0
375 # if the login is successful.
377 # The default is RESET_ON_SUCCESS = no
379 #RESET_ON_SUCCESS = yes
381 #####################################################################
384 ######################################################################
386 # PLUGIN_DENY: If set, this value should point to an executable
387 # program that will be invoked when a host is added to the
388 # HOSTS_DENY file. This executable will be passed the host
389 # that will be added as its only argument. It runs with the privileges of DenyHosts, so it should not be writable by any other user.
391 #PLUGIN_DENY=/usr/bin/true
393 ######################################################################
396 ######################################################################
398 # PLUGIN_PURGE: If set, this value should point to an executable
399 # program that will be invoked when a host is removed from the
400 # HOSTS_DENY file. This executable will be passed the host
401 # that is to be purged as its only argument. It runs with the privileges of DenyHosts, so it should not be writable by any other user.
403 #PLUGIN_PURGE=/usr/bin/true
405 ######################################################################
407 ######################################################################
409 # USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain
410 # a regular expression that can be used to identify additional
411 # hackers for your particular ssh configuration. This functionality
412 # extends the built-in regular expressions that DenyHosts uses.
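413 # This parameter can be specified multiple times. Keep each expression as specific as possible: one loose enough to match text that a remote client can put into the log (such as a user name) can cause the wrong addresses to be denied.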
414 # See this faq entry for more details:
415 # http://denyhosts.sf.net/faq.html#userdef_regex
417 #USERDEF_FAILED_ENTRY_REGEX=
420 ######################################################################
425 ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
429 #######################################################################
431 # DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag)
432 # this is the logfile that DenyHosts uses to report its status.
433 # To disable logging, leave blank. (default is: /var/log/denyhosts)
435 DAEMON_LOG = /var/log/denyhosts
440 ######################################################################
442 #######################################################################
444 # DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode
445 # (--daemon flag) this specifies the timestamp format of
446 # the DAEMON_LOG messages (default is the ISO 8601 format:
447 # ie. 2005-07-22 10:38:01,745)
449 # for possible values for this parameter refer to: man strftime
452 #DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
455 #DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S
457 ######################################################################
459 #######################################################################
461 # DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode
462 # (--daemon flag) this specifies the message format of each logged
463 # entry. By default the following format is used:
465 # %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
467 # Where the "%(asctime)s" portion is expanded to the format
468 # defined by DAEMON_LOG_TIME_FORMAT
470 # This string is passed to Python's logging.Formatter constructor.
471 # For details on the possible format types please refer to:
472 # http://docs.python.org/lib/node357.html
474 # This is the default:
475 #DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
478 ######################################################################
481 #######################################################################
483 # DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)
484 # this is the amount of time DenyHosts will sleep between polling
485 # the SECURE_LOG. See the comments in the PURGE_DENY section (above)
486 # for details on specifying this value or for complete details
487 # refer to: http://denyhosts.sourceforge.net/faq.html#timespec
492 #######################################################################
494 #######################################################################
496 # DAEMON_PURGE: How often should DenyHosts, when run in daemon mode,
497 # run the purge mechanism to expire old entries in HOSTS_DENY
498 # This has no effect if PURGE_DENY is blank.
502 #######################################################################
505 ######### THESE SETTINGS ARE SPECIFIC TO ##########
506 ######### DAEMON SYNCHRONIZATION ##########
509 #######################################################################
511 # Synchronization mode allows the DenyHosts daemon the ability
512 # to periodically send and receive denied host data such that
513 # DenyHosts daemons worldwide can automatically inform one
514 # another regarding banned hosts. This mode is disabled by
515 # default; you must uncomment SYNC_SERVER to enable this mode.
517 # For more information, please refer to:
518 # http://denyhosts.sourceforge.net/faq.html#sync
520 #######################################################################
523 #######################################################################
525 # SYNC_SERVER: The central server that communicates with DenyHosts
526 # daemons. Currently, denyhosts.net is the only available server;
527 # however, in the future, it may be possible for organizations to
528 # install their own server for internal network synchronization.
530 # To disable synchronization (the default), do nothing. Note that the server URL below uses plain http, so the host lists exchanged with it are neither encrypted nor authenticated in transit.
532 # To enable synchronization, you must uncomment the following line:
533 #SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
535 #######################################################################
537 #######################################################################
539 # SYNC_INTERVAL: the interval of time to perform synchronizations if
540 # SYNC_SERVER has been uncommented. The default is 1 hour.
544 #######################################################################
547 #######################################################################
549 # SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have
550 # been denied? This option only applies if SYNC_SERVER has been uncommented.
552 # The default is SYNC_UPLOAD = yes
557 #######################################################################
560 #######################################################################
562 # SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have
563 # been denied by others? This option only applies if SYNC_SERVER has been uncommented.
565 # The default is SYNC_DOWNLOAD = yes
572 #######################################################################
574 #######################################################################
576 # SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this parameter
577 # filters the returned hosts to those that have been blocked this many
578 # times by others. That is, if set to 1, then if a single DenyHosts
579 # server has denied an ip address then you will receive the denied host.
581 # See also SYNC_DOWNLOAD_RESILIENCY
583 #SYNC_DOWNLOAD_THRESHOLD = 10
585 # The default is SYNC_DOWNLOAD_THRESHOLD = 3
587 #SYNC_DOWNLOAD_THRESHOLD = 3
589 #######################################################################
591 #######################################################################
593 # SYNC_DOWNLOAD_RESILIENCY: If SYNC_DOWNLOAD is enabled then the
594 # value specified for this option limits the downloaded data
595 # to this resiliency period or greater.
597 # Resiliency is defined as the timespan between a hacker's first known
598 # attack and its most recent attack. Example:
600 # If the centralized denyhosts.net server records an attack at 2 PM
601 # and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h
602 # will not download this ip address.
604 # However, if the attacker is recorded again at 6:15 PM then the
605 # ip address will be downloaded by your DenyHosts instance.
607 # This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD
608 # and only hosts that satisfy both values will be downloaded.
609 # This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1
611 # The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours)
613 # Only obtain hackers that have been at it for 2 days or more:
614 #SYNC_DOWNLOAD_RESILIENCY = 2d
616 # Only obtain hackers that have been at it for 5 hours or more:
617 #SYNC_DOWNLOAD_RESILIENCY = 5h
619 #######################################################################