[CentOS] denyhosts configuration

Dave dave.mehler at gmail.com
Wed Aug 26 20:03:45 UTC 2009


Hello,
	I've installed denyhosts on centos 5.3 trying to block automated
attacks on ssh. It appears to be working in that entries are being added to
/etc/hosts.deny yet the daily emails sent from denyhosts show only one ip
being added perday when the total is many more than that. My config is
below, i've gone over it and am not seeing what i missed. Suggestions
welcome.
	I was also wondering if denyhosts can block other types of robot
attacks such as smtp or port 80?
	Thanks.
Dave.

SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 1w
BLOCK_SERVICE  = sshd
DENY_THRESHOLD_INVALID = 2
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=NO
LOCK_FILE = /var/lock/subsys/denyhosts
ADMIN_EMAIL = user at example.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody at example.com>
SMTP_SUBJECT = DenyHosts Report from $[HOSTNAME]
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE =
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
SYNC_INTERVAL = 1h
SYNC_UPLOAD = yes
SYNC_DOWNLOAD = yes
SYNC_DOWNLOAD_THRESHOLD = 3
SYNC_DOWNLOAD_RESILIENCY = 2h




More information about the CentOS mailing list