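---
# Variables specific to the server_hardening role.

# Kernel network parameters the role is expected to enforce, as name/value
# pairs. Presumably applied by a sysctl task in the role (tasks are not
# visible here); confirm they are also persisted across reboots.
# "conf.all" affects every interface; "conf.default" seeds interfaces that
# are created later, which is why most keys appear in both forms.
# NOTE(review): only IPv4 keys are listed. ICMP redirect handling
# (net.ipv4.conf.*.accept_redirects / send_redirects) and the
# net.ipv6.conf.* counterparts are not set in this file; confirm whether
# they are covered elsewhere in the role.
hardening_sysctl_settings:
  # Fall back to SYN cookies when the SYN backlog overflows, so a SYN
  # flood cannot exhaust the listen queue.
  - name: net.ipv4.tcp_syncookies
    value: 1

  # Strict reverse-path filtering: drop packets whose source address is
  # not routable back through the receiving interface (anti-spoofing).
  # Caveat: strict mode can drop legitimate traffic on multihomed hosts or
  # with asymmetric routing; loose mode is value 2.
  - name: net.ipv4.conf.all.rp_filter
    value: 1
  - name: net.ipv4.conf.default.rp_filter
    value: 1

  # Refuse packets carrying IP source-route options, which let the sender
  # dictate the path and sidestep routing-based controls.
  - name: net.ipv4.conf.all.accept_source_route
    value: 0
  - name: net.ipv4.conf.default.accept_source_route
    value: 0

  # Do not answer ICMP echo requests sent to broadcast/multicast
  # addresses, so the host cannot serve as a smurf-style amplifier.
  - name: net.ipv4.icmp_echo_ignore_broadcasts
    value: 1

  # Silently ignore malformed ICMP error replies instead of logging each.
  - name: net.ipv4.icmp_ignore_bogus_error_responses
    value: 1

  # Log packets with impossible source addresses ("martians") to the
  # kernel log. Useful for detection, but can be noisy on busy or
  # misconfigured networks; make sure log rotation/forwarding copes.
  - name: net.ipv4.conf.all.log_martians
    value: 1
  - name: net.ipv4.conf.default.log_martians
    value: 1

# Path of the OpenSSH *server* configuration (sshd_config), despite the
# variable being named ssh_config_file.
ssh_config_file: /etc/ssh/sshd_config

# Directory holding the fail2ban configuration.
fail2ban_config_dir: /etc/fail2ban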