4

This may not be a performance issue, but I have something like 110,000 IPs blocked in hosts.deny (2 years of denyhosting). Should I ever clear hosts.deny? Does anyone have any experience with what happens when you do so?

ewwhite
Kzqai

1 Answer

4

It's safe to remove them. Depending on your version of denyhosts, there may be a provision to purge old entries. You can either zero the files or remove them and restart the daemon.

If you remove the file, it will most likely be repopulated with the entries from your online /var/log/secure.* - say, the last week or 5 weeks, depending on your daemon config.

I've had older versions of denyhosts slow down considerably as the blocked IP tables grow.

Are you using any of the advanced denyhosts features like the centralized reporting or at least email notification?

ewwhite
  • Hmmm, right, I guess the ideal would be to turn on a rotation so that it cleans itself periodically. I'm not using centralized reporting or email notification within denyhosts per se, though I do receive logs of IPs that get denied via logwatch emails. – Kzqai Sep 10 '12 at 15:12
  • Any suggestions for what I should look into to set up deny.hosts rotation? – Kzqai Sep 10 '12 at 15:23
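
An added example (not part of the original answer or comments, and not DenyHosts' own code) of pruning aged-out entries from hosts.deny instead of zeroing the whole file. It assumes the `# DenyHosts: <timestamp> | <entry>` comment line that DenyHosts writes above each entry it adds; the function name and sample data are constructed for illustration, and lines without such a comment are treated as manual entries and kept.

```python
import time

MARKER = "# DenyHosts:"  # assumed prefix of the timestamp comment above each entry
SEP = " | "              # assumed separator between timestamp and entry

# Constructed sample (documentation address ranges), not real block data.
SAMPLE = """\
# manually maintained entry, no DenyHosts timestamp
sshd: 192.0.2.10
# DenyHosts: Fri Jan 14 03:12:45 2011 | sshd: 198.51.100.7
sshd: 198.51.100.7
# DenyHosts: Wed Sep  5 22:40:01 2012 | sshd: 203.0.113.99
sshd: 203.0.113.99
"""
SAMPLE_NOW = time.mktime(time.strptime("Mon Sep 10 15:00:00 2012"))


def prune_hosts_deny(text, max_age_days, now=None):
    """Return (new_text, removed): DenyHosts entries older than max_age_days dropped."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    lines, kept, removed, i = text.splitlines(), [], 0, 0
    while i < len(lines):
        line = lines[i]
        if line.startswith(MARKER) and SEP in line:
            stamp, entry = line[len(MARKER):].split(SEP, 1)
            try:
                # strptime's default format matches time.asctime() output
                added = time.mktime(time.strptime(stamp.strip()))
            except ValueError:
                added = None  # unparseable timestamp: leave the entry alone
            if added is not None and added < cutoff:
                removed += 1
                # Drop the comment and, if it follows, the entry it annotates.
                if i + 1 < len(lines) and lines[i + 1].strip() == entry.strip():
                    i += 1
                i += 1
                continue
        kept.append(line)
        i += 1
    return "\n".join(kept) + ("\n" if kept else ""), removed


if __name__ == "__main__":
    new_text, removed = prune_hosts_deny(SAMPLE, max_age_days=28, now=SAMPLE_NOW)
    print(new_text, end="")
    print(f"# removed {removed} expired entries")
```

Run it against a copy of hosts.deny and swap the result in with the daemon stopped, then restart the daemon as the answer describes.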