SOURCES: DenyHosts.cfg - updated for 1.1.3
megabajt
megabajt at pld-linux.org
Sun Nov 20 15:05:43 CET 2005
Author: megabajt Date: Sun Nov 20 14:05:43 2005 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- updated for 1.1.3
---- Files affected:
SOURCES:
DenyHosts.cfg (1.2 -> 1.3)
---- Diffs:
================================================================
Index: SOURCES/DenyHosts.cfg
diff -u SOURCES/DenyHosts.cfg:1.2 SOURCES/DenyHosts.cfg:1.3
--- SOURCES/DenyHosts.cfg:1.2 Fri Jul 29 11:14:52 2005
+++ SOURCES/DenyHosts.cfg Sun Nov 20 15:05:38 2005
@@ -8,10 +8,10 @@
# The file to process can be overridden with the --file command line
# argument
#
-# Redhat:
+# Redhat or Fedora Core:
SECURE_LOG = /var/log/secure
#
-# Mandrake or FreeBSD:
+# Mandrake, FreeBSD or OpenBSD:
#SECURE_LOG = /var/log/auth.log
#
# SuSE:
@@ -19,7 +19,6 @@
#
########################################################################
-
########################################################################
# HOSTS_DENY: the file which contains restricted host access information
#
@@ -78,17 +77,43 @@
#######################################################################
#
-# DENY_THRESHOLD: block each host after the number of failed login
-# attempts has exceeded this value.
+# DENY_THRESHOLD_INVALID: block each host after the number of failed login
+# attempts has exceeded this value. This value applies to invalid
+# user login attempts (eg. non-existent user accounts)
+#
+DENY_THRESHOLD_INVALID = 3
+#
+#######################################################################
+
+#######################################################################
+#
+# DENY_THRESHOLD_VALID: block each host after the number of failed
+# login attempts has exceeded this value. This value applies to valid
+# user login attempts (eg. user accounts that exist in /etc/passwd) except
+# for the "root" user
+#
+DENY_THRESHOLD_VALID = 10
+#
+#######################################################################
+
+#######################################################################
+#
+# DENY_THRESHOLD_ROOT: block each host after the number of failed
+# login attempts has exceeded this value. This value applies to
+# "root" user login attempts only.
#
-DENY_THRESHOLD = 3
+DENY_THRESHOLD_ROOT = 1
#
#######################################################################
+
#######################################################################
#
# WORK_DIR: the path that DenyHosts will use for writing data to
-# (it will be created if it does not already exist).
+# (it will be created if it does not already exist).
+#
+# Note: when run in daemon mode, this directory should be specified
+# as an absolute path name (eg. /home/foo/denyhosts/data)
#
WORK_DIR = /var/lib/DenyHosts
#
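Review bot: `DENY_THRESHOLD_ROOT = 1` leaves almost no margin for an administrator's own typo, and the new comment does not say how a legitimate host avoids being blocked. Together with `AGE_RESET_ROOT=25d`, added later in this commit, a failed root attempt stays counted against the host for weeks. I would add a line under the DENY_THRESHOLD_ROOT text such as `# Note: list trusted admin addresses in WORK_DIR/allowed-hosts so a mistyped root password cannot lock them out.` The "has exceeded this value" wording also leaves it unclear whether the block happens on the first or the second failure; stating that explicitly would help.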
@@ -117,6 +142,7 @@
# (if available).
#
HOSTNAME_LOOKUP=YES
+#
######################################################################
@@ -133,8 +159,12 @@
# Redhat/Fedora:
LOCK_FILE = /var/lock/subsys/denyhosts
#
+# Debian
+#LOCK_FILE = /var/run/denyhosts.pid
+#
+# Misc
#LOCK_FILE = /tmp/denyhosts.lock
-
+#
######################################################################
@@ -156,11 +186,101 @@
#
SMTP_HOST = localhost
SMTP_PORT = 25
-SMTP_FROM = DenyHosts
+SMTP_FROM = DenyHosts <nobody at localhost>
SMTP_SUBJECT = DenyHosts Report
+#SMTP_USERNAME=foo
+#SMTP_PASSWORD=bar
#
#######################################################################
+######################################################################
+#
+# ALLOWED_HOSTS_HOSTNAME_LOOKUP
+#
+# ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO
+# If set to YES, for each entry in the WORK_DIR/allowed-hosts file,
+# the hostname will be looked up. If your versions of tcp_wrappers
+# and sshd sometimes log hostnames in addition to ip addresses
+# then you may wish to specify this option.
+#
+#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
+#
+######################################################################
+
+######################################################################
+#
+# AGE_RESET_VALID: Specifies the period of time between failed login
+# attempts that, when exceeded will result in the failed count for
+# this host to be reset to 0. This value applies to login attempts
+# to all valid users (those within /etc/passwd) with the
+# exception of root. If not defined, this count will never
+# be reset.
+#
+# See the comments in the PURGE_DENY section (above)
+# for details on specifying this value or for complete details
+# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
+#
+AGE_RESET_VALID=5d
+#
+######################################################################
+
+######################################################################
+#
+# AGE_RESET_ROOT: Specifies the period of time between failed login
+# attempts that, when exceeded will result in the failed count for
+# this host to be reset to 0. This value applies to all login
+# attempts to the "root" user account. If not defined,
+# this count will never be reset.
+#
+# See the comments in the PURGE_DENY section (above)
+# for details on specifying this value or for complete details
+# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
+#
+AGE_RESET_ROOT=25d
+#
+######################################################################
+
+######################################################################
+#
+# AGE_RESET_INVALID: Specifies the period of time between failed login
+# attempts that, when exceeded will result in the failed count for
+# this host to be reset to 0. This value applies to login attempts
+# made to any invalid username (those that do not appear
+# in /etc/passwd). If not defined, count will never be reset.
+#
+# See the comments in the PURGE_DENY section (above)
+# for details on specifying this value or for complete details
+# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
+#
+AGE_RESET_INVALID=10d
+#
+######################################################################
+
+######################################################################
+#
+# PLUGIN_DENY: If set, this value should point to an executable
+# program that will be invoked when a host is added to the
+# HOSTS_DENY file. This executable will be passed the host
+# that will be added as it's only argument.
+#
+#PLUGIN_DENY=/usr/bin/true
+#
+######################################################################
+
+
+######################################################################
+#
+# PLUGIN_PURGE: If set, this value should point to an executable
+# program that will be invoked when a host is removed from the
+# HOSTS_DENY file. This executable will be passed the host
+# that is to be purged as it's only argument.
+#
+#PLUGIN_PURGE=/usr/bin/true
+#
+######################################################################
+
+
+ ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
#######################################################################
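Review bot: The new PLUGIN_DENY and PLUGIN_PURGE comments do not say that the host argument originates from log contents; with `HOSTNAME_LOOKUP=YES` set elsewhere in this file, it may presumably be a reverse-DNS name chosen by the remote side. I would add `# Note: treat the host argument as untrusted input; never pass it unquoted to a shell.` to both blocks, and state that the plugin path should be writable only by root. The commented `#SMTP_PASSWORD=bar` example likewise deserves a line such as `# If set, make this file readable by root only.`, since the file would then hold a credential. The installed file mode is set by packaging that is not visible in this diff.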
@@ -176,13 +296,31 @@
#
######################################################################
-
-
+#######################################################################
+#
+# DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode
+# (--daemon flag) this specifies the timestamp format of
+# the DAEMON_LOG messages (default is the ISO8061 format:
+# ie. 2005-07-22 10:38:01,745)
+#
+# for possible values for this parameter refer to: man strftime
+#
+# Jan 1 13:05:59
+#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
+#
+# Jan 1 01:05:59
+#DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S
+#
+######################################################################
+
#######################################################################
#
# DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)
# this is the amount of time DenyHosts will sleep between polling
-# the SECURE_LOG. This value is in seconds (default is 30)
+# the SECURE_LOG. See the comments in the PURGE_DENY section (above)
+# for details on specifying this value or for complete details
+# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
+#
#
DAEMON_SLEEP = 30
#
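Review bot: The rewritten DAEMON_SLEEP comment no longer states the unit or the default, so `DAEMON_SLEEP = 30` is a bare number whose meaning has to be looked up in the PURGE_DENY section. The last hunk does the same to `DAEMON_PURGE = 60` without even adding that pointer. I would keep one line in each, e.g. `# A bare number is taken as seconds.`, assuming that is still how 1.1.3 reads it, which the diff does not show. Two smaller points in this hunk: `ISO8061` should read `ISO 8601`, and the DAEMON_SLEEP comment now ends in two consecutive `#` lines.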
@@ -190,9 +328,8 @@
#######################################################################
#
-# DAEMON_PURGE: How often should DenyHosts, when run in daemon mode
+# DAEMON_PURGE: How often should DenyHosts, when run in daemon mode,
# run the purge mechanism to expire old entries in HOSTS_DENY
-# This value is in seconds (default is 3600 seconds = 1 hour)
# This has no effect if PURGE_DENY is blank.
#
DAEMON_PURGE = 60
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/DenyHosts.cfg?r1=1.2&r2=1.3&f=u