Tips-Of-Mine/Ansible-Minecraft-Server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check new version
Some checks failed
Ansible Minecraft Server CI/CD / lint (push) Failing after 21s
Details
Ansible Minecraft Server CI/CD / test (push) Has been skipped
Details
Ansible Minecraft Server CI/CD / deploy (push) Has been skipped
Details

Browse Source
This commit is contained in:
Hubert Cornet
2025-08-27 07:59:19 +02:00
parent 7a2ccb537b
commit 9ea9ac7254
125 changed files with 2696 additions and 1511 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
roles/01-server_hardening/vars/main.yml
View File

@@ -1,13 +1,24 @@
---
# Internal variables for server hardening
security_packages:
- ufw
- fail2ban
- unattended-upgrades
- logwatch
- rkhunter
- chkrootkit
# Variables spécifiques au rôle server_hardening
hardening_sysctl_settings:
- name: net.ipv4.tcp_syncookies
value: 1
- name: net.ipv4.conf.all.rp_filter
value: 1
- name: net.ipv4.conf.default.rp_filter
value: 1
- name: net.ipv4.conf.all.accept_source_route
value: 0
- name: net.ipv4.conf.default.accept_source_route
value: 0
- name: net.ipv4.icmp_echo_ignore_broadcasts
value: 1
- name: net.ipv4.icmp_ignore_bogus_error_responses
value: 1
- name: net.ipv4.conf.all.log_martians
value: 1
- name: net.ipv4.conf.default.log_martians
value: 1
required_directories:
- /var/log/security
- /etc/security/limits.d
ssh_config_file: /etc/ssh/sshd_config
fail2ban_config_dir: /etc/fail2ban