From 99552c336a6ddb56625c1f82e4e5fe35973e3ed6 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 7 Mar 2012 23:08:59 +0100 Subject: unify the two config files to more sane defaults --- files/Debian/denyhosts.conf | 17 ++++++++++------- files/denyhosts.conf | 4 ++-- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/files/Debian/denyhosts.conf b/files/Debian/denyhosts.conf index a186f33..e191fc6 100644 --- a/files/Debian/denyhosts.conf +++ b/files/Debian/denyhosts.conf @@ -57,13 +57,16 @@ HOSTS_DENY = /etc/hosts.deny # 'y' = years # # never purge: -PURGE_DENY = +#PURGE_DENY = # # purge entries older than 1 week #PURGE_DENY = 1w # # purge entries older than 5 days #PURGE_DENY = 5d +# +# Take the same value as from the fedora project +PURGE_DENY = 10m ####################################################################### ####################################################################### @@ -107,7 +110,7 @@ BLOCK_SERVICE = sshd # attempts has exceeded this value. This value applies to invalid # user login attempts (eg. non-existent user accounts) # -DENY_THRESHOLD_INVALID = 5 +DENY_THRESHOLD_INVALID = 10 # ####################################################################### @@ -128,7 +131,7 @@ DENY_THRESHOLD_VALID = 10 # login attempts has exceeded this value. This value applies to # "root" user login attempts only. # -DENY_THRESHOLD_ROOT = 1 +DENY_THRESHOLD_ROOT = 3 # ####################################################################### @@ -139,7 +142,7 @@ DENY_THRESHOLD_ROOT = 1 # login attempts has exceeded this value. This value applies to # usernames that appear in the WORK_DIR/restricted-usernames file only. # -DENY_THRESHOLD_RESTRICTED = 1 +DENY_THRESHOLD_RESTRICTED = 3 # ####################################################################### @@ -218,7 +221,7 @@ LOCK_FILE = /var/run/denyhosts.pid # Multiple email addresses can be delimited by a comma, eg: # ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com # -ADMIN_EMAIL = root@localhost +ADMIN_EMAIL = # ####################################################################### @@ -257,7 +260,7 @@ SMTP_FROM = DenyHosts # # SMTP_SUBJECT: you can specify the "Subject:" of messages sent # by DenyHosts when it reports thwarted abuse attempts -SMTP_SUBJECT = DenyHosts Report +SMTP_SUBJECT = DenyHosts Report $[HOSTNAME] # ###################################################################### @@ -499,7 +502,7 @@ DAEMON_SLEEP = 30s # run the purge mechanism to expire old entries in HOSTS_DENY # This has no effect if PURGE_DENY is blank. # -DAEMON_PURGE = 1h +DAEMON_PURGE = 10m # ####################################################################### diff --git a/files/denyhosts.conf b/files/denyhosts.conf index 5780ea0..d17ddab 100644 --- a/files/denyhosts.conf +++ b/files/denyhosts.conf @@ -131,7 +131,7 @@ DENY_THRESHOLD_VALID = 10 # login attempts has exceeded this value. This value applies to # "root" user login attempts only. # -DENY_THRESHOLD_ROOT = 10 +DENY_THRESHOLD_ROOT = 3 # ####################################################################### @@ -142,7 +142,7 @@ DENY_THRESHOLD_ROOT = 10 # login attempts has exceeded this value. This value applies to # usernames that appear in the WORK_DIR/restricted-usernames file only. # -DENY_THRESHOLD_RESTRICTED = 10 +DENY_THRESHOLD_RESTRICTED = 3 # ####################################################################### -- cgit v1.2.3