--- denyhosts.cfg-dist.config 2006-08-20 09:09:57.000000000 -0500 +++ denyhosts.cfg-dist 2008-11-13 09:43:20.000000000 -0600 @@ -55,13 +55,18 @@ # 'y' = years # # never purge: -PURGE_DENY = +#PURGE_DENY = # # purge entries older than 1 week #PURGE_DENY = 1w # # purge entries older than 5 days #PURGE_DENY = 5d +# +# For the default Fedora Extras install, we want timestamping but no +# expiration (at least by default) so this is deliberately set high. +# Adjust to taste. +PURGE_DENY = 4w ####################################################################### ####################################################################### @@ -150,7 +155,7 @@ # Note: it is recommended that you use an absolute pathname # for this value (eg. /home/foo/denyhosts/data) # -WORK_DIR = /usr/share/denyhosts/data +WORK_DIR = /var/lib/denyhosts # ####################################################################### @@ -216,7 +221,7 @@ # Multiple email addresses can be delimited by a comma, eg: # ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com # -ADMIN_EMAIL = +ADMIN_EMAIL = root # ####################################################################### @@ -255,7 +260,7 @@ # # SMTP_SUBJECT: you can specify the "Subject:" of messages sent # by DenyHosts when it reports thwarted abuse attempts -SMTP_SUBJECT = DenyHosts Report +SMTP_SUBJECT = DenyHosts Report from $[HOSTNAME] # ###################################################################### @@ -402,6 +407,13 @@ # #PLUGIN_PURGE=/usr/bin/true # +# The following plugin will restore the file contexts on /etc/hosts.deny after +# denyhosts purges old entries. This prevents breakage when selinux is set to +# enforcing mode, but still has a small window where the context is set +# incorrectly. The correct place to fix this is in the selinux policy. +# +#PLUGIN_PURGE=/usr/share/denyhosts/plugins/restorecon.sh +# ###################################################################### ###################################################################### @@ -530,6 +542,8 @@ # To disable synchronization (the default), do nothing. # # To enable synchronization, you must uncomment the following line: +# +# NOTE: Please read README.Fedora before enabling sync #SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 # #######################################################################