gigpark-ec2onrails 0.9.10.3

data/lib/ec2onrails/version.rb

@@ -0,0 +1,29 @@
+#    This file is part of EC2 on Rails.
+#    http://rubyforge.org/projects/ec2onrails/
+#
+#    Copyright 2007 Paul Dowman, http://pauldowman.com/
+#
+#    EC2 on Rails is free software; you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation; either version 2 of the License, or
+#    (at your option) any later version.
+#
+#    EC2 on Rails is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+module Ec2onrails #:nodoc:
+  module VERSION #:nodoc:
+    STRING = "0.9.10.3"
+    
+    AMI_ID_32_BIT_US = 'ami-xx'
+    AMI_ID_64_BIT_US = 'ami-xx'
+    
+    AMI_ID_32_BIT_EU = 'ami-xx'
+    AMI_ID_64_BIT_EU = 'ami-xx'
+  end
+end

data/server/build

@@ -0,0 +1,74 @@
+#!/usr/bin/ruby
+
+#    This file is part of EC2 on Rails.
+#    http://rubyforge.org/projects/ec2onrails/
+#
+#    Copyright 2007 Paul Dowman, http://pauldowman.com/
+#
+#    EC2 on Rails is free software; you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation; either version 2 of the License, or
+#    (at your option) any later version.
+#
+#    EC2 on Rails is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+# This script wraps Eric Hammond's ec2ubuntu-build-ami script ( http://alestic.com/ )
+# It passes all args directly to the ec2ubuntu-build-ami script, except for three
+# which it modifies to the following values:
+#   --distribution ubuntu
+#   --codename intrepid
+#   --script /mnt/ec2onrails/server/rakefile-wrapper 
+# Other than those three args (which will be ignored if given) this script should
+# be given the regular ec2ubuntu-build-ami args, for details see the comments at:
+# http://ec2ubuntu.googlecode.com/svn/trunk/bin/ec2ubuntu-build-ami
+
+require "fileutils"
+
+EC2UBUNTU_VERSION = 148
+
+unless File.exist? "/mnt/ec2ubuntu"
+  puts "Installing yum..."
+  system "yum install svn -y"
+end
+
+puts "Getting ec2ubuntu build script..."
+system "svn checkout -r #{EC2UBUNTU_VERSION} http://ec2ubuntu.googlecode.com/svn/trunk/ /mnt/ec2ubuntu"
+
+unless system "which rake"
+  puts "Installing rake..."
+  
+  FileUtils.cd "/tmp" do
+    system "wget http://rubyforge.org/frs/download.php/29752/rake-0.8.1.tgz"
+    system "tar xvf rake-0.8.1.tgz"
+  end
+  FileUtils.cd "/tmp/rake-0.8.1" do
+    system "ruby install.rb"
+  end
+end
+
+# copy all args except the ones we want to overwrite into a new array
+ec2ubuntu_args = []
+(0..(ARGV.size-1)).to_a.delete_if{|n| n%2!=0}.each do |n|
+  unless %w(--distribution --codename --script).include? ARGV[n]
+    ec2ubuntu_args << ARGV[n]
+    ec2ubuntu_args << ARGV[n+1]
+  end
+end
+
+# Call Eric Hammond's build script, passing it all the args that this script was given, 
+# except with our own values for distribution, codename, and script
+system <<-EOS
+  /mnt/ec2ubuntu/bin/ec2ubuntu-build-ami \
+    --distribution ubuntu \
+    --codename jaunty \
+    --script /mnt/ec2onrails/server/rakefile-wrapper \
+    #{ec2ubuntu_args.join(' ')}
+EOS
+

data/server/files/etc/README

@@ -0,0 +1,7 @@
+You can place ERB templates anywhere under /etc and the set_roles script will 
+process them. 
+
+An ERB file named /etc/something.erb will generate an output file named 
+/etc/something
+
+TODO document variables that are available inside the templates

data/server/files/etc/aliases

@@ -0,0 +1,5 @@
+# See man 5 aliases for format
+
+# send all mail to root user.
+postmaster: root
+app:        root

data/server/files/etc/cron.d/ec2onrails

@@ -0,0 +1,16 @@
+#
+# different backup strategies depending on whether the db instance is using Amazon's EBS
+#
+
+# without EBS: 
+#   Incremental backup every 5 minutes
+*/5 * * * *  root  test ! -f /etc/mysql/conf.d/mysql-ec2-ebs.cnf && /usr/local/ec2onrails/bin/backup_app_db --incremental
+
+# without EBS:
+#   Full backup every day at 05:01, reset the binary logs.
+#   First kill any incremental backup that happens to be in progress
+1 5 * * *  root  killall -q -u root backup_app_db ; test ! -f /etc/mysql/conf.d/mysql-ec2-ebs.cnf && /usr/local/ec2onrails/bin/backup_app_db --reset
+
+# with EBS:
+#   Full snapshot every 2 hours
+11 */2 * * *  root  test -f /etc/mysql/conf.d/mysql-ec2-ebs.cnf && /usr/local/ec2onrails/bin/backup_app_db

data/server/files/etc/cron.daily/app

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+#NOTE: you can also call 
+#      /usr/local/ec2onrails/bin/exec_runner
+#      to run a script under a specific role
+#      see the file for details
+
+if test -e /mnt/app/current; then
+  cd /mnt/app/current
+
+  if test -e /mnt/app/current/script/cron/daily; then 
+     if test -f /mnt/app/current/script/cron/daily; then 
+        sudo -u app /usr/local/ec2onrails/bin/rails_env script/cron/daily;
+     else 
+        for f in script/cron/daily/*; do
+           if test -f $f; then 
+              sudo -u app /usr/local/ec2onrails/bin/rails_env $f
+           fi
+        done
+     fi
+     exit 0;
+  fi
+
+  #DEPRECATED: just for old usage....
+  if test -e /mnt/app/current/script/daily
+  then 
+     sudo -u app /usr/local/ec2onrails/bin/rails_env script/daily
+     exit 0;
+  fi
+
+fi

data/server/files/etc/cron.daily/logrotate_post

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+RAILS_ENV=`/usr/local/ec2onrails/bin/rails_env`
+
+if [ -x /mnt/app/current ] ; then
+  logfile=/mnt/app/current/log/$RAILS_ENV.log-`date +%Y%m%d`
+  if [ -e $logfile ] ; then
+    gzip -c $logfile > $logfile.gz
+    /usr/local/ec2onrails/bin/archive_file --file $logfile.gz --dir logs/rails && rm $logfile.gz
+  fi
+fi
+
+for f in `ls /mnt/log/nginx/*.log` ; do
+  logfile=$f-`date +%Y%m%d`
+  if [ -e $logfile ] ; then
+    gzip -c $logfile > $logfile.gz
+    /usr/local/ec2onrails/bin/archive_file --file $logfile.gz --dir logs/nginx && rm $logfile.gz
+  fi
+done
+
+logfile=/mnt/log/varnish/varnishncsa.log-`date +%Y%m%d`
+if [ -e $logfile ] ; then
+  gzip -c $logfile > $logfile.gz
+  /usr/local/ec2onrails/bin/archive_file --file $logfile.gz --dir logs/varnish && rm $logfile.gz
+fi

data/server/files/etc/cron.hourly/app

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+#NOTE: you can also call 
+#      /usr/local/ec2onrails/bin/exec_runner
+#      to run a script under a specific role
+#      see the file for details
+
+if test -e /mnt/app/current; then
+  cd /mnt/app/current
+
+  if test -e /mnt/app/current/script/cron/hourly; then 
+     if test -f /mnt/app/current/script/cron/hourly; then 
+        sudo -u app /usr/local/ec2onrails/bin/rails_env script/cron/hourly;
+     else
+        for f in script/cron/hourly/*; do
+           if test -f $f; then 
+              sudo -u app /usr/local/ec2onrails/bin/rails_env $f
+           fi
+        done
+     fi
+     exit 0;
+  fi
+
+  #DEPRECATED: just for old usage....
+  if test -e /mnt/app/current/script/hourly
+  then 
+     sudo -u app /usr/local/ec2onrails/bin/rails_env script/hourly
+     exit 0;
+  fi
+
+fi

data/server/files/etc/cron.monthly/app

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+#NOTE: you can also call 
+#      /usr/local/ec2onrails/bin/exec_runner
+#      to run a script under a specific role
+#      see the file for details
+
+if test -e /mnt/app/current; then
+  cd /mnt/app/current
+
+  if test -e /mnt/app/current/script/cron/monthly; then 
+     if test -f /mnt/app/current/script/cron/monthly; then 
+        sudo -u app /usr/local/ec2onrails/bin/rails_env script/cron/monthly;
+     else 
+        for f in script/cron/monthly/*; do
+           if test -f $f; then 
+              sudo -u app /usr/local/ec2onrails/bin/rails_env $f
+           fi
+        done
+     fi
+     exit 0;
+  fi
+
+  #DEPRECATED: just for old usage....
+  if test -e /mnt/app/current/script/monthly
+  then 
+     sudo -u app /usr/local/ec2onrails/bin/rails_env script/monthly
+     exit 0;
+  fi
+
+fi

data/server/files/etc/cron.weekly/app

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+#NOTE: you can also call 
+#      /usr/local/ec2onrails/bin/exec_runner
+#      to run a script under a specific role
+#      see the file for details
+
+if test -e /mnt/app/current; then
+  cd /mnt/app/current
+
+  if test -e /mnt/app/current/script/cron/weekly; then 
+     if test -f /mnt/app/current/script/cron/weekly; then 
+        sudo -u app /usr/local/ec2onrails/bin/rails_env script/cron/weekly;
+     else 
+        for f in script/cron/weekly/*; do
+           if test -f $f; then 
+              sudo -u app /usr/local/ec2onrails/bin/rails_env $f
+           fi
+        done
+     fi
+     exit 0;
+  fi
+
+  #DEPRECATED: just for old usage....
+  if test -e /mnt/app/current/script/weekly
+  then 
+     sudo -u app /usr/local/ec2onrails/bin/rails_env script/weekly
+     exit 0;
+  fi
+
+fi

data/server/files/etc/default/varnish

@@ -0,0 +1,33 @@
+# Configuration file for varnish
+#
+# /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK
+# to be set from this shell script fragment.
+#
+
+# Maximum number of open files (for ulimit -n)
+NFILES=131072
+
+# Maximum locked memory size (for ulimit -l)
+# Used for locking the shared memory log in memory.  If you increase log size,
+# you need to increase this number as well
+MEMLOCK=82000
+
+# Default varnish instance name is the local nodename.  Can be overridden with
+# the -n switch, to have more instances on a single server.
+INSTANCE=$(uname -n)
+
+
+# Listen on port 80, administration on localhost:6082, and forward to
+# one content server selected by the vcl file, based on the request.  
+
+# Use a 256 MB fixed-size cache file. 
+# TODO figure out how to configure this so that the varnishd process 
+# doesn't grow so large because we have little or no swap (or add
+# more swap space)
+#
+# TODO pre-allocate the storage space using dd
+#
+DAEMON_OPTS="-a :80 \
+             -T localhost:6082 \
+             -f /etc/varnish/default.vcl \
+             -s file,/mnt/varnish/varnish_storage.bin,256M"

data/server/files/etc/default/varnishncsa

@@ -0,0 +1,11 @@
+# Configuration file for varnishncsa
+#
+# Uncomment this to enable logging for varnish.  Please make sure you have
+# enough disk space for significant amounts of log data.  To disable logging,
+# set the variable to "0", "no", or leave it unset.
+#
+# NCSA log format, to be used by HTTP log analyzers
+VARNISHNCSA_ENABLED=1
+
+LOGFILE=/mnt/log/varnish/varnishncsa.log
+

data/server/files/etc/denyhosts.conf

@@ -0,0 +1,628 @@
+# Ec2onRails NOTE: this file is only used if the :harden_server ec2onrails 
+#                  configuration is set to true
+#
+
+
+       ############ THESE SETTINGS ARE REQUIRED ############
+
+########################################################################
+#
+# SECURE_LOG: the log file that contains sshd logging info
+# if you are not sure, grep "sshd:" /var/log/*
+#
+# The file to process can be overridden with the --file command line
+# argument
+#
+# Redhat or Fedora Core:
+#SECURE_LOG = /var/log/secure
+#
+# Mandrake, FreeBSD or OpenBSD: 
+#SECURE_LOG = /var/log/auth.log
+#
+# SuSE:
+#SECURE_LOG = /var/log/messages
+#
+# Mac OS X (v10.4 or greater - 
+#   also refer to:   http://www.denyhosts.net/faq.html#macos
+#SECURE_LOG = /private/var/log/asl.log
+#
+# Mac OS X (v10.3 or earlier):
+#SECURE_LOG=/private/var/log/system.log
+#
+# Debian:
+SECURE_LOG = /var/log/auth.log
+########################################################################
+
+########################################################################
+#
+# HOSTS_DENY: the file which contains restricted host access information
+#
+# Most operating systems:
+HOSTS_DENY = /etc/hosts.deny
+#
+# Some BSD (FreeBSD) Unixes:
+#HOSTS_DENY = /etc/hosts.allow
+#
+# Another possibility (also see the next option):
+#HOSTS_DENY = /etc/hosts.evil
+#######################################################################
+
+
+########################################################################
+#
+# PURGE_DENY: removed HOSTS_DENY entries that are older than this time
+#             when DenyHosts is invoked with the --purge flag
+#
+#      format is: i[dhwmy]
+#      Where 'i' is an integer (eg. 7) 
+#            'm' = minutes
+#            'h' = hours
+#            'd' = days
+#            'w' = weeks
+#            'y' = years
+#
+PURGE_DENY = 12w
+# never purge:
+#PURGE_DENY = 
+#
+# purge entries older than 1 week
+#PURGE_DENY = 1w
+#
+# purge entries older than 5 days
+#PURGE_DENY = 5d
+#######################################################################
+
+#######################################################################
+#
+# PURGE_THRESHOLD: defines the maximum times a host will be purged.  
+# Once this value has been exceeded then this host will not be purged. 
+# Setting this parameter to 0 (the default) disables this feature.
+#
+# default: a denied host can be purged/re-added indefinitely
+#PURGE_THRESHOLD = 0
+#
+# a denied host will be purged at most 2 times. 
+#PURGE_THRESHOLD = 2 
+#
+#######################################################################
+
+
+#######################################################################
+#
+# BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
+# 
+# man 5 hosts_access for details
+#
+# eg.   sshd: 127.0.0.1  # will block sshd logins from 127.0.0.1
+#
+# To block all services for the offending host:
+#BLOCK_SERVICE = ALL
+# To block only sshd:
+BLOCK_SERVICE  = sshd
+# To only record the offending host and nothing else (if using
+# an auxilary file to list the hosts).  Refer to: 
+# http://denyhosts.sourceforge.net/faq.html#aux
+#BLOCK_SERVICE =    
+#
+#######################################################################
+
+
+#######################################################################
+#
+# DENY_THRESHOLD_INVALID: block each host after the number of failed login 
+# attempts has exceeded this value.  This value applies to invalid
+# user login attempts (eg. non-existent user accounts)
+#
+DENY_THRESHOLD_INVALID = 3
+#
+#######################################################################
+
+#######################################################################
+#
+# DENY_THRESHOLD_VALID: block each host after the number of failed 
+# login attempts has exceeded this value.  This value applies to valid
+# user login attempts (eg. user accounts that exist in /etc/passwd) except
+# for the "root" user
+#
+DENY_THRESHOLD_VALID = 3
+#
+#######################################################################
+
+#######################################################################
+#
+# DENY_THRESHOLD_ROOT: block each host after the number of failed 
+# login attempts has exceeded this value.  This value applies to 
+# "root" user login attempts only.
+#
+DENY_THRESHOLD_ROOT = 2
+#
+#######################################################################
+
+
+#######################################################################
+#
+# DENY_THRESHOLD_RESTRICTED: block each host after the number of failed 
+# login attempts has exceeded this value.  This value applies to 
+# usernames that appear in the WORK_DIR/restricted-usernames file only.
+#
+DENY_THRESHOLD_RESTRICTED = 1
+#
+#######################################################################
+
+
+#######################################################################
+#
+# WORK_DIR: the path that DenyHosts will use for writing data to
+# (it will be created if it does not already exist).  
+#
+# Note: it is recommended that you use an absolute pathname
+# for this value (eg. /home/foo/denyhosts/data)
+#
+WORK_DIR = /var/lib/denyhosts
+#
+#######################################################################
+
+#######################################################################
+#
+# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS
+#
+# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO
+# If set to YES, if a suspicious login attempt results from an allowed-host
+# then it is considered suspicious.  If this is NO, then suspicious logins 
+# from allowed-hosts will not be reported.  All suspicious logins from 
+# ip addresses that are not in allowed-hosts will always be reported.
+#
+SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
+######################################################################
+
+######################################################################
+#
+# HOSTNAME_LOOKUP
+#
+# HOSTNAME_LOOKUP=YES|NO
+# If set to YES, for each IP address that is reported by Denyhosts,
+# the corresponding hostname will be looked up and reported as well
+# (if available).
+#
+HOSTNAME_LOOKUP=YES
+#
+######################################################################
+
+
+######################################################################
+#
+# LOCK_FILE
+#
+# LOCK_FILE=/path/denyhosts
+# If this file exists when DenyHosts is run, then DenyHosts will exit
+# immediately.  Otherwise, this file will be created upon invocation
+# and deleted upon exit.  This ensures that only one instance is
+# running at a time.
+#
+# Redhat/Fedora:
+#LOCK_FILE = /var/lock/subsys/denyhosts
+#
+# Debian
+LOCK_FILE = /var/run/denyhosts.pid
+#
+# Misc
+#LOCK_FILE = /tmp/denyhosts.lock
+#
+######################################################################
+
+
+       ############ THESE SETTINGS ARE OPTIONAL ############
+
+
+#######################################################################
+#
+# ADMIN_EMAIL: if you would like to receive emails regarding newly
+# restricted hosts and suspicious logins, set this address to 
+# match your email address.  If you do not want to receive these reports
+# leave this field blank (or run with the --noemail option)
+#
+# Multiple email addresses can be delimited by a comma, eg:
+# ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com
+#
+ADMIN_EMAIL = app@localhost
+#
+#######################################################################
+
+#######################################################################
+#
+# SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email 
+# reports (see ADMIN_EMAIL) then these settings specify the 
+# email server address (SMTP_HOST) and the server port (SMTP_PORT)
+# 
+#
+SMTP_HOST = localhost
+SMTP_PORT = 25
+#
+#######################################################################
+
+#######################################################################
+# 
+# SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your 
+# smtp email server requires authentication
+#
+#SMTP_USERNAME=foo
+#SMTP_PASSWORD=bar
+#
+######################################################################
+
+#######################################################################
+#
+# SMTP_FROM: you can specify the "From:" address in messages sent
+# from DenyHosts when it reports thwarted abuse attempts
+#
+SMTP_FROM = DenyHosts <nobody@localhost>
+#
+#######################################################################
+
+#######################################################################
+#
+# SMTP_SUBJECT: you can specify the "Subject:" of messages sent
+# by DenyHosts when it reports thwarted abuse attempts
+SMTP_SUBJECT = DenyHosts Report
+#
+######################################################################
+
+######################################################################
+#
+# SMTP_DATE_FORMAT: specifies the format used for the "Date:" header
+# when sending email messages.
+#
+# for possible values for this parameter refer to: man strftime
+#
+# the default:
+#
+#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
+#
+######################################################################
+
+######################################################################
+#
+# SYSLOG_REPORT
+#
+# SYSLOG_REPORT=YES|NO
+# If set to yes, when denied hosts are recorded the report data
+# will be sent to syslog (syslog must be present on your system).
+# The default is: NO
+#
+#SYSLOG_REPORT=NO
+#
+#SYSLOG_REPORT=YES
+#
+######################################################################
+
+######################################################################
+#
+# ALLOWED_HOSTS_HOSTNAME_LOOKUP
+#
+# ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO
+# If set to YES, for each entry in the WORK_DIR/allowed-hosts file,
+# the hostname will be looked up.  If your versions of tcp_wrappers
+# and sshd sometimes log hostnames in addition to ip addresses
+# then you may wish to specify this option.
+# 
+#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
+#
+######################################################################
+
+###################################################################### 
+# 
+# AGE_RESET_VALID: Specifies the period of time between failed login
+# attempts that, when exceeded will result in the failed count for 
+# this host to be reset to 0.  This value applies to login attempts 
+# to all valid users (those within /etc/passwd) with the 
+# exception of root.  If not defined, this count will never
+# be reset.
+#
+# See the comments in the PURGE_DENY section (above) 
+# for details on specifying this value or for complete details 
+# refer to:  http://denyhosts.sourceforge.net/faq.html#timespec
+#
+AGE_RESET_VALID=5d
+#
+######################################################################
+
+###################################################################### 
+# 
+# AGE_RESET_ROOT: Specifies the period of time between failed login
+# attempts that, when exceeded will result in the failed count for 
+# this host to be reset to 0.  This value applies to all login 
+# attempts to the "root" user account.  If not defined,
+# this count will never be reset.
+#
+# See the comments in the PURGE_DENY section (above) 
+# for details on specifying this value or for complete details 
+# refer to:  http://denyhosts.sourceforge.net/faq.html#timespec
+#
+AGE_RESET_ROOT=25d
+#
+######################################################################
+
+###################################################################### 
+# 
+# AGE_RESET_RESTRICTED: Specifies the period of time between failed login
+# attempts that, when exceeded will result in the failed count for 
+# this host to be reset to 0.  This value applies to all login 
+# attempts to entries found in the WORK_DIR/restricted-usernames file.  
+# If not defined, the count will never be reset.
+#
+# See the comments in the PURGE_DENY section (above) 
+# for details on specifying this value or for complete details 
+# refer to:  http://denyhosts.sourceforge.net/faq.html#timespec
+#
+AGE_RESET_RESTRICTED=25d
+#
+######################################################################
+
+
+###################################################################### 
+# 
+# AGE_RESET_INVALID: Specifies the period of time between failed login
+# attempts that, when exceeded will result in the failed count for 
+# this host to be reset to 0.  This value applies to login attempts 
+# made to any invalid username (those that do not appear 
+# in /etc/passwd).  If not defined, count will never be reset.
+#
+# See the comments in the PURGE_DENY section (above) 
+# for details on specifying this value or for complete details 
+# refer to:  http://denyhosts.sourceforge.net/faq.html#timespec
+#
+AGE_RESET_INVALID=10d
+#
+######################################################################
+
+
+######################################################################
+#
+# RESET_ON_SUCCESS: If this parameter is set to "yes" then the
+# failed count for the respective ip address will be reset to 0
+# if the login is successful.  
+#
+# The default is RESET_ON_SUCCESS = no
+#
+RESET_ON_SUCCESS = yes
+#
+#####################################################################
+
+
+######################################################################
+#
+# PLUGIN_DENY: If set, this value should point to an executable
+# program that will be invoked when a host is added to the
+# HOSTS_DENY file.  This executable will be passed the host
+# that will be added as its only argument.
+#
+#PLUGIN_DENY=/usr/bin/true
+#
+######################################################################
+
+
+######################################################################
+#
+# PLUGIN_PURGE: If set, this value should point to an executable
+# program that will be invoked when a host is removed from the
+# HOSTS_DENY file.  This executable will be passed the host
+# that is to be purged as its only argument.
+#
+#PLUGIN_PURGE=/usr/bin/true
+#
+######################################################################
+
+######################################################################
+#
+# USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain
+# a regular expression that can be used to identify additional
+# hackers for your particular ssh configuration.  This functionality
+# extends the built-in regular expressions that DenyHosts uses.
+# This parameter can be specified multiple times.
+# See this faq entry for more details:
+#    http://denyhosts.sf.net/faq.html#userdef_regex
+#
+#USERDEF_FAILED_ENTRY_REGEX=
+#
+#
+######################################################################
+
+
+
+
+   ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE  ##########
+
+
+
+#######################################################################
+#
+# DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag)
+# this is the logfile that DenyHosts uses to report its status.
+# To disable logging, leave blank.  (default is: /var/log/denyhosts)
+#
+DAEMON_LOG = /var/log/denyhosts
+#
+# disable logging:
+#DAEMON_LOG = 
+#
+######################################################################
+
+#######################################################################
+# 
+# DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode 
+# (--daemon flag) this specifies the timestamp format of 
+# the DAEMON_LOG messages (default is the ISO8061 format:
+# ie. 2005-07-22 10:38:01,745)
+#
+# for possible values for this parameter refer to: man strftime
+#
+# Jan 1 13:05:59   
+#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
+#
+# Jan 1 01:05:59 
+#DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S
+#
+###################################################################### 
+
+#######################################################################
+# 
+# DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode 
+# (--daemon flag) this specifies the message format of each logged
+# entry.  By default the following format is used:
+#
+# %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
+#
+# Where the "%(asctime)s" portion is expanded to the format
+# defined by DAEMON_LOG_TIME_FORMAT
+#
+# This string is passed to python's logging.Formatter contstuctor.
+# For details on the possible format types please refer to:
+# http://docs.python.org/lib/node357.html
+#
+# This is the default:
+#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
+#
+#
+###################################################################### 
+
+ 
+#######################################################################
+#
+# DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)
+# this is the amount of time DenyHosts will sleep between polling
+# the SECURE_LOG.  See the comments in the PURGE_DENY section (above)
+# for details on specifying this value or for complete details
+# refer to:    http://denyhosts.sourceforge.net/faq.html#timespec
+# 
+#
+DAEMON_SLEEP = 1m
+#
+#######################################################################
+
+#######################################################################
+#
+# DAEMON_PURGE: How often should DenyHosts, when run in daemon mode,
+# run the purge mechanism to expire old entries in HOSTS_DENY
+# This has no effect if PURGE_DENY is blank.
+#
+DAEMON_PURGE = 1h
+#
+#######################################################################
+
+
+   #########   THESE SETTINGS ARE SPECIFIC TO     ##########
+   #########       DAEMON SYNCHRONIZATION         ##########
+
+
+#######################################################################
+#
+# Synchronization mode allows the DenyHosts daemon the ability
+# to periodically send and receive denied host data such that 
+# DenyHosts daemons worldwide can automatically inform one
+# another regarding banned hosts.   This mode is disabled by
+# default, you must uncomment SYNC_SERVER to enable this mode.
+#
+# for more information, please refer to: 
+#        http:/denyhosts.sourceforge.net/faq.html#sync 
+#
+#######################################################################
+
+
+#######################################################################
+#
+# SYNC_SERVER: The central server that communicates with DenyHost
+# daemons.  Currently, denyhosts.net is the only available server
+# however, in the future, it may be possible for organizations to
+# install their own server for internal network synchronization
+#
+# To disable synchronization (the default), do nothing. 
+#
+# To enable synchronization, you must uncomment the following line:
+#SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
+#
+#######################################################################
+
+#######################################################################
+#
+# SYNC_INTERVAL: the interval of time to perform synchronizations if
+# SYNC_SERVER has been uncommented.  The default is 1 hour.
+# 
+#SYNC_INTERVAL = 1h
+#
+#######################################################################
+
+
+#######################################################################
+#
+# SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have
+# been denied?  This option only applies if SYNC_SERVER has
+# been uncommented.
+# The default is SYNC_UPLOAD = yes
+#
+#SYNC_UPLOAD = no
+#SYNC_UPLOAD = yes
+#
+#######################################################################
+
+
+#######################################################################
+#
+# SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have
+# been denied by others?  This option only applies if SYNC_SERVER has
+# been uncommented.
+# The default is SYNC_DOWNLOAD = yes
+#
+#SYNC_DOWNLOAD = no
+#SYNC_DOWNLOAD = yes
+#
+#
+#
+#######################################################################
+
+#######################################################################
+#
+# SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this parameter
+# filters the returned hosts to those that have been blocked this many
+# times by others.  That is, if set to 1, then if a single DenyHosts
+# server has denied an ip address then you will receive the denied host.
+# 
+# See also SYNC_DOWNLOAD_RESILIENCY
+#
+#SYNC_DOWNLOAD_THRESHOLD = 10
+#
+# The default is SYNC_DOWNLOAD_THRESHOLD = 3 
+#
+#SYNC_DOWNLOAD_THRESHOLD = 3
+#
+#######################################################################
+
+#######################################################################
+#
+# SYNC_DOWNLOAD_RESILIENCY:  If SYNC_DOWNLOAD is enabled then the
+# value specified for this option limits the downloaded data
+# to this resiliency period or greater.
+#
+# Resiliency is defined as the timespan between a hackers first known 
+# attack and its most recent attack.  Example:
+# 
+# If the centralized   denyhosts.net server records an attack at 2 PM 
+# and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h 
+# will not download this ip address.
+#
+# However, if the attacker is recorded again at 6:15 PM then the 
+# ip address will be downloaded by your DenyHosts instance.  
+#
+# This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD 
+# and only hosts that satisfy both values will be downloaded.  
+# This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1 
+#
+# The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours)
+#
+# Only obtain hackers that have been at it for 2 days or more:
+#SYNC_DOWNLOAD_RESILIENCY = 2d
+#
+# Only obtain hackers that have been at it for 5 hours or more:
+#SYNC_DOWNLOAD_RESILIENCY = 5h
+#
+#######################################################################
+