check new version

roles/01-server_hardening/defaults/main.yml

@@ -1,22 +1,36 @@
 ---
-# SSH Configuration
+# Configuration SSH par défaut
 ssh_port: 22
-ssh_permit_root_login: false
-ssh_password_authentication: false
+ssh_permit_root_login: "no"
+ssh_password_authentication: "no"
+ssh_pubkey_authentication: "yes"
 ssh_max_auth_tries: 3
+ssh_max_sessions: 10
 ssh_client_alive_interval: 300
 ssh_client_alive_count_max: 2
 
-# Firewall Configuration
-firewall_allowed_ports:
-  - "{{ ssh_port }}/tcp"
-  - "25565/tcp"  # Minecraft default port
+# Configuration Firewall
+firewall_allowed_tcp_ports:
+  - 22
+  - 25565
+  - 25575
+firewall_allowed_udp_ports: []
 
-# Fail2ban Configuration
-fail2ban_jail_ssh_enabled: true
-fail2ban_jail_ssh_port: "{{ ssh_port }}"
-fail2ban_jail_ssh_maxretry: 3
-fail2ban_jail_ssh_bantime: 600
+# Configuration Fail2ban
+fail2ban_enabled: true
+fail2ban_bantime: 3600
+fail2ban_findtime: 600
+fail2ban_maxretry: 5
 
-# System users
+# Paquets de sécurité à installer
+security_packages:
+  - ufw
+  - fail2ban
+  - unattended-upgrades
+  - apt-listchanges
+  - logwatch
+  - rkhunter
+  - chkrootkit
+
+# Administrateurs SSH
 admin_users: []