Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ############ THESE SETTINGS ARE REQUIRED ############
- ########################################################################
- #
- # SECURE_LOG: the log file that contains sshd logging info
- # if you are not sure, grep "sshd:" /var/log/*
- #
- # The file to process can be overridden with the --file command line
- # argument
- #
- # Redhat or Fedora Core:
- #SECURE_LOG = /var/log/secure
- #
- # Mandrake, FreeBSD or OpenBSD:
- SECURE_LOG = /var/log/auth.log
- #
- # SuSE:
- #SECURE_LOG = /var/log/messages
- #
- # Mac OS X (v10.4 or greater -
- # also refer to: http://www.denyhosts.net/faq.html#macos
- #SECURE_LOG = /private/var/log/asl.log
- #
- # Mac OS X (v10.3 or earlier):
- #SECURE_LOG=/private/var/log/system.log
- #
- ########################################################################
- ########################################################################
- #
- # HOSTS_DENY: the file which contains restricted host access information
- #
- # Most operating systems:
- HOSTS_DENY = /etc/hosts.deniedssh
- #
- # Some BSD (FreeBSD) Unixes:
- #HOSTS_DENY = /etc/hosts.allow
- #
- # Another possibility (also see the next option):
- #HOSTS_DENY = /etc/hosts.evil
- #######################################################################
- ########################################################################
- #
- # PURGE_DENY: removed HOSTS_DENY entries that are older than this time
- # when DenyHosts is invoked with the --purge flag
- #
- # format is: i[dhwmy]
- # Where 'i' is an integer (eg. 7)
- # 'm' = minutes
- # 'h' = hours
- # 'd' = days
- # 'w' = weeks
- # 'y' = years
- #
- # never purge:
- PURGE_DENY =
- #
- # purge entries older than 1 week
- #PURGE_DENY = 1w
- #
- # purge entries older than 5 days
- #PURGE_DENY = 5d
- #######################################################################
- #######################################################################
- #
- # PURGE_THRESHOLD: defines the maximum times a host will be purged.
- # Once this value has been exceeded then this host will not be purged.
- # Setting this parameter to 0 (the default) disables this feature.
- #
- # default: a denied host can be purged/re-added indefinitely
- #PURGE_THRESHOLD = 0
- #
- # a denied host will be purged at most 2 times.
- #PURGE_THRESHOLD = 2
- #
- #######################################################################
- #######################################################################
- #
- # BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
- #
- # man 5 hosts_access for details
- #
- # eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1
- #
- # To block all services for the offending host:
- #BLOCK_SERVICE = ALL
- # To block only sshd:
- BLOCK_SERVICE = sshd
- # To only record the offending host and nothing else (if using
- # an auxilary file to list the hosts). Refer to:
- # http://denyhosts.sourceforge.net/faq.html#aux
- #BLOCK_SERVICE =
- #
- #######################################################################
- #######################################################################
- #
- # DENY_THRESHOLD_INVALID: block each host after the number of failed login
- # attempts has exceeded this value. This value applies to invalid
- # user login attempts (eg. non-existent user accounts)
- #
- DENY_THRESHOLD_INVALID = 5
- #
- #######################################################################
- #######################################################################
- #
- # DENY_THRESHOLD_VALID: block each host after the number of failed
- # login attempts has exceeded this value. This value applies to valid
- # user login attempts (eg. user accounts that exist in /etc/passwd) except
- # for the "root" user
- #
- DENY_THRESHOLD_VALID = 10
- #
- #######################################################################
- #######################################################################
- #
- # DENY_THRESHOLD_ROOT: block each host after the number of failed
- # login attempts has exceeded this value. This value applies to
- # "root" user login attempts only.
- #
- DENY_THRESHOLD_ROOT = 1
- #
- #######################################################################
- #######################################################################
- #
- # DENY_THRESHOLD_RESTRICTED: block each host after the number of failed
- # login attempts has exceeded this value. This value applies to
- # usernames that appear in the WORK_DIR/restricted-usernames file only.
- #
- DENY_THRESHOLD_RESTRICTED = 1
- #
- #######################################################################
- #######################################################################
- #
- # WORK_DIR: the path that DenyHosts will use for writing data to
- # (it will be created if it does not already exist).
- #
- # Note: it is recommended that you use an absolute pathname
- # for this value (eg. /home/foo/denyhosts/data)
- #
- WORK_DIR = /usr/local/share/denyhosts/data
- #
- #######################################################################
- #######################################################################
- #
- # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS
- #
- # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO
- # If set to YES, if a suspicious login attempt results from an allowed-host
- # then it is considered suspicious. If this is NO, then suspicious logins
- # from allowed-hosts will not be reported. All suspicious logins from
- # ip addresses that are not in allowed-hosts will always be reported.
- #
- SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
- ######################################################################
- ######################################################################
- #
- # HOSTNAME_LOOKUP
- #
- # HOSTNAME_LOOKUP=YES|NO
- # If set to YES, for each IP address that is reported by Denyhosts,
- # the corresponding hostname will be looked up and reported as well
- # (if available).
- #
- HOSTNAME_LOOKUP=NO
- #
- ######################################################################
- ######################################################################
- #
- # LOCK_FILE
- #
- # LOCK_FILE=/path/denyhosts
- # If this file exists when DenyHosts is run, then DenyHosts will exit
- # immediately. Otherwise, this file will be created upon invocation
- # and deleted upon exit. This ensures that only one instance is
- # running at a time.
- #
- # Redhat/Fedora:
- #LOCK_FILE = /var/lock/subsys/denyhosts
- #
- # Debian (and FreeBSD)
- LOCK_FILE = /var/run/denyhosts.pid
- #
- # Misc
- #LOCK_FILE = /tmp/denyhosts.lock
- #
- ######################################################################
- ############ THESE SETTINGS ARE OPTIONAL ############
- #######################################################################
- #
- # ADMIN_EMAIL: if you would like to receive emails regarding newly
- # restricted hosts and suspicious logins, set this address to
- # match your email address. If you do not want to receive these reports
- # leave this field blank (or run with the --noemail option)
- #
- # Multiple email addresses can be delimited by a comma, eg:
- # ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com
- #
- #ADMIN_EMAIL =
- #
- #######################################################################
- #######################################################################
- #
- # SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email
- # reports (see ADMIN_EMAIL) then these settings specify the
- # email server address (SMTP_HOST) and the server port (SMTP_PORT)
- #
- #
- SMTP_HOST = localhost
- SMTP_PORT = 25
- #
- #######################################################################
- #######################################################################
- #
- # SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your
- # smtp email server requires authentication
- #
- #SMTP_USERNAME=foo
- #SMTP_PASSWORD=bar
- #
- ######################################################################
- #######################################################################
- #
- # SMTP_FROM: you can specify the "From:" address in messages sent
- # from DenyHosts when it reports thwarted abuse attempts
- #
- SMTP_FROM = DenyHosts <nobody@localhost>
- #
- #######################################################################
- #######################################################################
- #
- # SMTP_SUBJECT: you can specify the "Subject:" of messages sent
- # by DenyHosts when it reports thwarted abuse attempts
- SMTP_SUBJECT = DenyHosts Report
- #
- ######################################################################
- ######################################################################
- #
- # SMTP_DATE_FORMAT: specifies the format used for the "Date:" header
- # when sending email messages.
- #
- # for possible values for this parameter refer to: man strftime
- #
- # the default:
- #
- #SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
- #
- ######################################################################
- ######################################################################
- #
- # SYSLOG_REPORT
- #
- # SYSLOG_REPORT=YES|NO
- # If set to yes, when denied hosts are recorded the report data
- # will be sent to syslog (syslog must be present on your system).
- # The default is: NO
- #
- #SYSLOG_REPORT=NO
- #
- #SYSLOG_REPORT=YES
- #
- ######################################################################
- ######################################################################
- #
- # ALLOWED_HOSTS_HOSTNAME_LOOKUP
- #
- # ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO
- # If set to YES, for each entry in the WORK_DIR/allowed-hosts file,
- # the hostname will be looked up. If your versions of tcp_wrappers
- # and sshd sometimes log hostnames in addition to ip addresses
- # then you may wish to specify this option.
- #
- #ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
- #
- ######################################################################
- ######################################################################
- #
- # AGE_RESET_VALID: Specifies the period of time between failed login
- # attempts that, when exceeded will result in the failed count for
- # this host to be reset to 0. This value applies to login attempts
- # to all valid users (those within /etc/passwd) with the
- # exception of root. If not defined, this count will never
- # be reset.
- #
- # See the comments in the PURGE_DENY section (above)
- # for details on specifying this value or for complete details
- # refer to: http://denyhosts.sourceforge.net/faq.html#timespec
- #
- AGE_RESET_VALID=5d
- #
- ######################################################################
- ######################################################################
- #
- # AGE_RESET_ROOT: Specifies the period of time between failed login
- # attempts that, when exceeded will result in the failed count for
- # this host to be reset to 0. This value applies to all login
- # attempts to the "root" user account. If not defined,
- # this count will never be reset.
- #
- # See the comments in the PURGE_DENY section (above)
- # for details on specifying this value or for complete details
- # refer to: http://denyhosts.sourceforge.net/faq.html#timespec
- #
- AGE_RESET_ROOT=25d
- #
- ######################################################################
- ######################################################################
- #
- # AGE_RESET_RESTRICTED: Specifies the period of time between failed login
- # attempts that, when exceeded will result in the failed count for
- # this host to be reset to 0. This value applies to all login
- # attempts to entries found in the WORK_DIR/restricted-usernames file.
- # If not defined, the count will never be reset.
- #
- # See the comments in the PURGE_DENY section (above)
- # for details on specifying this value or for complete details
- # refer to: http://denyhosts.sourceforge.net/faq.html#timespec
- #
- AGE_RESET_RESTRICTED=25d
- #
- ######################################################################
- ######################################################################
- #
- # AGE_RESET_INVALID: Specifies the period of time between failed login
- # attempts that, when exceeded will result in the failed count for
- # this host to be reset to 0. This value applies to login attempts
- # made to any invalid username (those that do not appear
- # in /etc/passwd). If not defined, count will never be reset.
- #
- # See the comments in the PURGE_DENY section (above)
- # for details on specifying this value or for complete details
- # refer to: http://denyhosts.sourceforge.net/faq.html#timespec
- #
- AGE_RESET_INVALID=10d
- #
- ######################################################################
- ######################################################################
- #
- # RESET_ON_SUCCESS: If this parameter is set to "yes" then the
- # failed count for the respective ip address will be reset to 0
- # if the login is successful.
- #
- # The default is RESET_ON_SUCCESS = no
- #
- #RESET_ON_SUCCESS = yes
- #
- #####################################################################
- ######################################################################
- #
- # PLUGIN_DENY: If set, this value should point to an executable
- # program that will be invoked when a host is added to the
- # HOSTS_DENY file. This executable will be passed the host
- # that will be added as it's only argument.
- #
- #PLUGIN_DENY=/usr/bin/true
- #
- ######################################################################
- ######################################################################
- #
- # PLUGIN_PURGE: If set, this value should point to an executable
- # program that will be invoked when a host is removed from the
- # HOSTS_DENY file. This executable will be passed the host
- # that is to be purged as it's only argument.
- #
- #PLUGIN_PURGE=/usr/bin/true
- #
- ######################################################################
- ######################################################################
- #
- # USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain
- # a regular expression that can be used to identify additional
- # hackers for your particular ssh configuration. This functionality
- # extends the built-in regular expressions that DenyHosts uses.
- # This parameter can be specified multiple times.
- # See this faq entry for more details:
- # http://denyhosts.sf.net/faq.html#userdef_regex
- #
- USERDEF_FAILED_ENTRY_REGEX=[a|A]uthentication error for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
- USERDEF_FAILED_ENTRY_REGEX=[a|A]uthentication error for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) from (?P<host>.*)
- # sorry no entries for IPv6 address yet :(
- #
- #
- ######################################################################
- ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
- #######################################################################
- #
- # DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag)
- # this is the logfile that DenyHosts uses to report it's status.
- # To disable logging, leave blank. (default is: /var/log/denyhosts)
- #
- DAEMON_LOG = /var/log/denyhosts
- #
- # disable logging:
- #DAEMON_LOG =
- #
- ######################################################################
- #######################################################################
- #
- # DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode
- # (--daemon flag) this specifies the timestamp format of
- # the DAEMON_LOG messages (default is the ISO8061 format:
- # ie. 2005-07-22 10:38:01,745)
- #
- # for possible values for this parameter refer to: man strftime
- #
- # Jan 1 13:05:59
- #DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
- #
- # Jan 1 01:05:59
- #DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S
- #
- ######################################################################
- #######################################################################
- #
- # DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode
- # (--daemon flag) this specifies the message format of each logged
- # entry. By default the following format is used:
- #
- # %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
- #
- # Where the "%(asctime)s" portion is expanded to the format
- # defined by DAEMON_LOG_TIME_FORMAT
- #
- # This string is passed to python's logging.Formatter contstuctor.
- # For details on the possible format types please refer to:
- # http://docs.python.org/lib/node357.html
- #
- # This is the default:
- #DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
- #
- #
- ######################################################################
- #######################################################################
- #
- # DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)
- # this is the amount of time DenyHosts will sleep between polling
- # the SECURE_LOG. See the comments in the PURGE_DENY section (above)
- # for details on specifying this value or for complete details
- # refer to: http://denyhosts.sourceforge.net/faq.html#timespec
- #
- #
- DAEMON_SLEEP = 30s
- #
- #######################################################################
- #######################################################################
- #
- # DAEMON_PURGE: How often should DenyHosts, when run in daemon mode,
- # run the purge mechanism to expire old entries in HOSTS_DENY
- # This has no effect if PURGE_DENY is blank.
- #
- DAEMON_PURGE = 1h
- #
- #######################################################################
- ######### THESE SETTINGS ARE SPECIFIC TO ##########
- ######### DAEMON SYNCHRONIZATION ##########
- #######################################################################
- #
- # Synchronization mode allows the DenyHosts daemon the ability
- # to periodically send and receive denied host data such that
- # DenyHosts daemons worldwide can automatically inform one
- # another regarding banned hosts. This mode is disabled by
- # default, you must uncomment SYNC_SERVER to enable this mode.
- #
- # for more information, please refer to:
- # http:/denyhosts.sourceforge.net/faq.html#sync
- #
- #######################################################################
- #######################################################################
- #
- # SYNC_SERVER: The central server that communicates with DenyHost
- # daemons. Currently, denyhosts.net is the only available server
- # however, in the future, it may be possible for organizations to
- # install their own server for internal network synchronization
- #
- # To disable synchronization (the default), do nothing.
- #
- # To enable synchronization, you must uncomment the following line:
- #SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
- #
- #######################################################################
- #######################################################################
- #
- # SYNC_INTERVAL: the interval of time to perform synchronizations if
- # SYNC_SERVER has been uncommented. The default is 1 hour.
- #
- #SYNC_INTERVAL = 1h
- #
- #######################################################################
- #######################################################################
- #
- # SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have
- # been denied? This option only applies if SYNC_SERVER has
- # been uncommented.
- # The default is SYNC_UPLOAD = yes
- #
- #SYNC_UPLOAD = no
- #SYNC_UPLOAD = yes
- #
- #######################################################################
- #######################################################################
- #
- # SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have
- # been denied by others? This option only applies if SYNC_SERVER has
- # been uncommented.
- # The default is SYNC_DOWNLOAD = yes
- #
- #SYNC_DOWNLOAD = no
- #SYNC_DOWNLOAD = yes
- #
- #
- #
- #######################################################################
- #######################################################################
- #
- # SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this parameter
- # filters the returned hosts to those that have been blocked this many
- # times by others. That is, if set to 1, then if a single DenyHosts
- # server has denied an ip address then you will receive the denied host.
- #
- # See also SYNC_DOWNLOAD_RESILIENCY
- #
- #SYNC_DOWNLOAD_THRESHOLD = 10
- #
- # The default is SYNC_DOWNLOAD_THRESHOLD = 3
- #
- #SYNC_DOWNLOAD_THRESHOLD = 3
- #
- #######################################################################
- #######################################################################
- #
- # SYNC_DOWNLOAD_RESILIENCY: If SYNC_DOWNLOAD is enabled then the
- # value specified for this option limits the downloaded data
- # to this resiliency period or greater.
- #
- # Resiliency is defined as the timespan between a hackers first known
- # attack and it's most recent attack. Example:
- #
- # If the centralized denyhosts.net server records an attack at 2 PM
- # and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h
- # will not download this ip address.
- #
- # However, if the attacker is recorded again at 6:15 PM then the
- # ip address will be downloaded by your DenyHosts instance.
- #
- # This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD
- # and only hosts that satisfy both values will be downloaded.
- # This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1
- #
- # The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours)
- #
- # Only obtain hackers that have been at it for 2 days or more:
- #SYNC_DOWNLOAD_RESILIENCY = 2d
- #
- # Only obtain hackers that have been at it for 5 hours or more:
- #SYNC_DOWNLOAD_RESILIENCY = 5h
- #
- #######################################################################
- # путь к логу авторизации
- SECURE_LOG = /var/log/auth.log
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement