---
# Configuration par défaut du durcissement serveur
hardening_packages:
  - fail2ban
  - ufw
  - unattended-upgrades
  - logrotate
  - rsync

ssh_port: 22
ssh_permit_root_login: "no"
ssh_password_authentication: "no"
ssh_max_auth_tries: 3
ssh_client_alive_interval: 300
ssh_client_alive_count_max: 2

fail2ban_jail_ssh_enabled: true
fail2ban_jail_ssh_maxretry: 3
fail2ban_jail_ssh_bantime: 3600

ufw_default_incoming: deny
ufw_default_outgoing: allow