--- denyhosts.conf.orig 2020-05-08 14:20:42 UTC +++ denyhosts.conf @@ -12,7 +12,7 @@ #SECURE_LOG = /var/log/secure # # Mandrake, FreeBSD or OpenBSD: -#SECURE_LOG = /var/log/auth.log +SECURE_LOG = /var/log/auth.log # # SuSE or Gentoo: #SECURE_LOG = /var/log/messages @@ -25,7 +25,7 @@ #SECURE_LOG=/private/var/log/system.log # # Debian and Ubuntu -SECURE_LOG = /var/log/auth.log +#SECURE_LOG = /var/log/auth.log ######################################################################## ######################################################################## @@ -33,7 +33,8 @@ SECURE_LOG = /var/log/auth.log # HOSTS_DENY: the file which contains restricted host access information # # Most operating systems: -HOSTS_DENY = /etc/hosts.deny +#HOSTS_DENY = /etc/hosts.deny +HOSTS_DENY = /etc/hosts.deniedssh # # Some BSD (FreeBSD) Unixes: #HOSTS_DENY = /etc/hosts.allow @@ -92,7 +93,7 @@ PURGE_DENY = # To block all services for the offending host: #BLOCK_SERVICE = ALL # To block only sshd: -BLOCK_SERVICE = sshd +#BLOCK_SERVICE = sshd # To only record the offending host and nothing else (if using # an auxilary file to list the hosts). Refer to: # http://denyhost.sourceforge.net/faq.html#aux @@ -162,7 +163,8 @@ DETECT_DOVECOT_LOGIN_ATTEMPTS = NO # Note: it is recommended that you use an absolute pathname # for this value (eg. /home/foo/denyhost/data) # -WORK_DIR = /var/lib/denyhosts +#WORK_DIR = /var/lib/denyhosts +WORK_DIR = %%PREFIX%%/share/denyhosts/data # ####################################################################### @@ -221,8 +223,10 @@ HOSTNAME_LOOKUP=NO #LOCK_FILE = /var/lock/subsys/denyhosts # # Debian or Gentoo -LOCK_FILE = /run/denyhosts.pid +#LOCK_FILE = /run/denyhosts.pid # +# FreeBSD +LOCK_FILE = /var/run/denyhosts.pid # Misc #LOCK_FILE = /tmp/denyhosts.lock # @@ -508,6 +512,8 @@ AGE_RESET_INVALID=10d # http://denyhost.sf.net/faq.html#userdef_regex # #USERDEF_FAILED_ENTRY_REGEX= +USERDEF_FAILED_ENTRY_REGEX=[a|A]uthentication error for (?Pinvalid user |illegal user )?(?P.*?) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) +USERDEF_FAILED_ENTRY_REGEX=[a|A]uthentication error for (?Pinvalid user |illegal user )?(?P.*?) from (?P.*) # # ######################################################################