--- denyhosts.cfg-dist.orig
+++ denyhosts.cfg-dist
@@ -9,10 +9,10 @@
 # argument
 #
 # Redhat or Fedora Core:
-SECURE_LOG = /var/log/secure
+#SECURE_LOG = /var/log/secure
 #
 # Mandrake, FreeBSD or OpenBSD: 
-#SECURE_LOG = /var/log/auth.log
+SECURE_LOG = /var/log/auth.log
 #
 # SuSE:
 #SECURE_LOG = /var/log/messages
@@ -31,7 +31,7 @@
 # HOSTS_DENY: the file which contains restricted host access information
 #
 # Most operating systems:
-HOSTS_DENY = /etc/hosts.deny
+HOSTS_DENY = /etc/hosts.deniedssh
 #
 # Some BSD (FreeBSD) Unixes:
 #HOSTS_DENY = /etc/hosts.allow
@@ -90,7 +90,7 @@
 # To block all services for the offending host:
 #BLOCK_SERVICE = ALL
 # To block only sshd:
-BLOCK_SERVICE  = sshd
+#BLOCK_SERVICE  = sshd
 # To only record the offending host and nothing else (if using
 # an auxilary file to list the hosts).  Refer to: 
 # http://denyhosts.sourceforge.net/faq.html#aux
@@ -150,7 +150,7 @@
 # Note: it is recommended that you use an absolute pathname
 # for this value (eg. /home/foo/denyhosts/data)
 #
-WORK_DIR = /usr/share/denyhosts/data
+WORK_DIR = %%PREFIX%%/share/denyhosts/data
 #
 #######################################################################
 
@@ -176,7 +176,7 @@
 # the corresponding hostname will be looked up and reported as well
 # (if available).
 #
-HOSTNAME_LOOKUP=YES
+HOSTNAME_LOOKUP=NO
 #
 ######################################################################
 
@@ -192,10 +192,10 @@
 # running at a time.
 #
 # Redhat/Fedora:
-LOCK_FILE = /var/lock/subsys/denyhosts
+#LOCK_FILE = /var/lock/subsys/denyhosts
 #
-# Debian
-#LOCK_FILE = /var/run/denyhosts.pid
+# Debian (and FreeBSD)
+LOCK_FILE = /var/run/denyhosts.pid
 #
 # Misc
 #LOCK_FILE = /tmp/denyhosts.lock
@@ -414,7 +414,9 @@
 # See this faq entry for more details:
 #    http://denyhosts.sf.net/faq.html#userdef_regex
 #
-#USERDEF_FAILED_ENTRY_REGEX=
+USERDEF_FAILED_ENTRY_REGEX=[a|A]uthentication error for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
+USERDEF_FAILED_ENTRY_REGEX=[a|A]uthentication error for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) from (?P<host>.*)
+# sorry no entries for IPv6 address yet :(
 #
 #
 ######################################################################