diff --git a/plugins/ssh/example-graphs/hostdenied-week.png b/plugins/ssh/example-graphs/hostdenied-week.png
new file mode 100644
index 00000000..d7366d3b
Binary files /dev/null and b/plugins/ssh/example-graphs/hostdenied-week.png differ
diff --git a/plugins/ssh/hostdenied b/plugins/ssh/hostdenied
index a0e4854e..e950e6cf 100755
--- a/plugins/ssh/hostdenied
+++ b/plugins/ssh/hostdenied
@@ -44,33 +44,34 @@
 
 # ------------------------------------------------------------------------------------------------------
 DENY="/etc/hosts.deny"
-NAME="$(basename $0)"                                        # component of naming temporary files
+NAME="$(basename "$0")"                                        # component of naming temporary files
 STATEFILE="$MUNIN_PLUGSTATE/$NAME.state"
 COLOUR=(FF0000 DA0024 B60048 91006D 6D0091 4800B6 2400DA 0000FF)  # hot to cold colours
 # ------------------------------------------------------------------------------------------------------
 
 run_autoconf()  {
-        RUN="no"
-        which grep denyhosts basename > /dev/null && RUN="yes"             # only run when grep and denyhost are present
+        RUN="no (denyhosts not found)"
+        command -v denyhosts > /dev/null && RUN="yes"             # only run when denyhosts is present
         echo "$RUN"
 }
 
 
 run_config()  {
-cat << EOF
+	cat << EOF
 graph_title Hosts denied sshd access
 graph_info Hosts denied sshd access in $DENY
 graph_args --base 1000 -l 0
 graph_vlabel Hosts denied
 graph_category security
-age0.label added last 24h
-age0.draw AREA
-age0.colour ${COLOUR[0]}
 EOF
-for AGE in {1..7}; do
-cat << EOF
-age${AGE}.label older than $((AGE*24))h
-age${AGE}.draw STACK
+for AGE in {7..0}; do
+	if [ "${AGE}" = 0 ]; then
+		echo "age${AGE}.label added last 24h"
+	else
+		echo "age${AGE}.label older than $((AGE*24))h"
+	fi
+	cat << EOF
+age${AGE}.draw AREASTACK
 age${AGE}.colour ${COLOUR[$AGE]}
 EOF
 done
@@ -81,17 +82,17 @@ run_fetch()   {
    TOTAL=0
    NOW=$(date +%s)
    sed -n 's/^\# DenyHosts: //;s/ | .*//gp' $DENY |         # strip all but date
-   while read DATE; do
+   while read -r DATE; do
       echo $(((NOW - $(date -d "$DATE" +%s))/86400))        # calculate rule age
-   done > $STATEFILE                                        # rather than going through temp file, the age could be
-   for AGE in {0..6} ; do                                   # used to increment an array element with that index.
-      COUNT="$(grep -c "^$AGE$" $STATEFILE)"                # That'd save grepping for counting from temp file.
+   done > "$STATEFILE"                                      # rather than going through temp file, the age could be
+   for AGE in {6..0} ; do                                   # used to increment an array element with that index.
+      COUNT="$(grep -c "^$AGE$" "$STATEFILE")"              # That'd save grepping for counting from temp file.
       echo "age${AGE}.value $COUNT"                         # produce values for all but oldest
       ((TOTAL+=COUNT))
    done
-   echo "age7.value $(($(grep -c . $STATEFILE)-TOTAL))"     # all non-printed are older
-   rm $STATEFILE
+   echo "age7.value $(($(grep -c . "$STATEFILE")-TOTAL))"   # all non-printed are older
+   rm "$STATEFILE"
 }
 
-run_${1:-"fetch"}
+run_"${1:-fetch}"
 exit 0
diff --git a/t/test-exception-wrapper.expected-failures b/t/test-exception-wrapper.expected-failures
index 575854cb..e82e1965 100644
--- a/t/test-exception-wrapper.expected-failures
+++ b/t/test-exception-wrapper.expected-failures
@@ -417,7 +417,6 @@ plugins/spamassasin/sa-learn
 plugins/sphinx/sphinx_documents
 plugins/squid/squid_efficiency
 plugins/squid/squid_times
-plugins/ssh/hostdenied
 plugins/ssh/openssh-denyhosts
 plugins/ssh/sshd_log
 plugins/streaming/packetship_