Denyhosts blocks IP addresses from which SSH breakin attempts are detected.

found here - Homepage

Blocked IP addresses are added to /etc/hosts.deny.

DenyHosts is available at www.slackbuilds.org

After intall copy config files to /etc:

cp /usr/share/denyhosts/denyhosts.cfg-dist /etc/denyhosts.cfg
ln /usr/share/denyhosts/denyhosts.cfg-dist /etc/denyhosts.cfg.sborg
cp /usr/share/denyhosts/daemon-control-dist /etc/rc.d/rc.denyhosts
ln /usr/share/denyhosts/daemon-control-dist /etc/rc.d/rc.denyhosts.sborg

Edit /etc/rc.d/rc.denyhosts:

--- rc.denyhosts.sborg  2006-04-22 01:04:43.000000000 +0200
+++ rc.denyhosts        2013-11-22 09:59:08.803109065 +0100
@@ -12,8 +12,8 @@
 ###############################################
 
 DENYHOSTS_BIN   = "/usr/bin/denyhosts.py"
-DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
-DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"
+DENYHOSTS_LOCK  = "/var/run/denyhosts.pid"
+DENYHOSTS_CFG   = "/etc/denyhosts.cfg"
 
 PYTHON_BIN      = "/usr/bin/env python"

Edit /etc/denyhosts.cfg:

--- denyhosts.cfg.sborg 2006-08-20 16:09:57.000000000 +0200
+++ denyhosts.cfg       2013-11-22 10:21:38.564117102 +0100
@@ -9,13 +9,13 @@
 # argument
 #
 # Redhat or Fedora Core:
-SECURE_LOG = /var/log/secure
+#SECURE_LOG = /var/log/secure
 #
 # Mandrake, FreeBSD or OpenBSD:
 #SECURE_LOG = /var/log/auth.log
 #
 # SuSE:
-#SECURE_LOG = /var/log/messages
+SECURE_LOG = /var/log/messages
 #
 # Mac OS X (v10.4 or greater -
 #   also refer to:   http://www.denyhosts.net/faq.html#macos
@@ -55,10 +55,10 @@
 #            'y' = years
 #
 # never purge:
-PURGE_DENY =
+#PURGE_DENY =
 #
 # purge entries older than 1 week
-#PURGE_DENY = 1w
+PURGE_DENY = 1w
 #
 # purge entries older than 5 days
 #PURGE_DENY = 5d
@@ -192,10 +192,10 @@
 # running at a time.
 #
 # Redhat/Fedora:
-LOCK_FILE = /var/lock/subsys/denyhosts
+#LOCK_FILE = /var/lock/subsys/denyhosts
 #
 # Debian
-#LOCK_FILE = /var/run/denyhosts.pid
+LOCK_FILE = /var/run/denyhosts.pid
 #
 # Misc
 #LOCK_FILE = /tmp/denyhosts.lock

Finally add

/etc/rc.d/rc.denyhosts start

to /etc/rc.d/rc.local

More info at /usr/share/denyhosts/README.txt

Check if blocked hosts really get purged after 1 week!

Install denyhosts with aptitude install denyhosts. This also adds the necessary autstart scripts and symlinks in /etc/init.d, /etc/rcX.d and '/etc/logrotate.d. It further sets some default entries in /etc/hosts.deny and starts denyhosts.

Config file is /etc/denyhosts.conf

By doing so, attackers will be blocked from all ports, e.g. HTTP as well. The IP addresses will be unblocked after half a year.
Then restart with /etc/init.d/denyhosts restart.

The software stores its data internally, probably at /usr/share/denyhosts/data. Manual changes in /etc/hosts.deny get overwritten!

Did not find anythind regarding this topic on the homepage of denyhosts. So here is workaround to delete all blocked hosts:

Stop daemon: /etc/rc.d/rc.denyhosts stop Set PURGE_DENY = 1m in /etc/denyhosts.cfg Run denyhosts.py –purge Restore PURGE_DENY = 1w in /etc/denyhosts.cfg Restart daemon: /etc/rc.d/rc.denyhosts start