36 lines
677 B
YAML
36 lines
677 B
YAML
---
|
|
# Configuration SSH par défaut
|
|
ssh_port: 22
|
|
ssh_permit_root_login: "no"
|
|
ssh_password_authentication: "no"
|
|
ssh_pubkey_authentication: "yes"
|
|
ssh_max_auth_tries: 3
|
|
ssh_max_sessions: 10
|
|
ssh_client_alive_interval: 300
|
|
ssh_client_alive_count_max: 2
|
|
|
|
# Configuration Firewall
|
|
firewall_allowed_tcp_ports:
|
|
- 22
|
|
- 25565
|
|
- 25575
|
|
firewall_allowed_udp_ports: []
|
|
|
|
# Configuration Fail2ban
|
|
fail2ban_enabled: true
|
|
fail2ban_bantime: 3600
|
|
fail2ban_findtime: 600
|
|
fail2ban_maxretry: 5
|
|
|
|
# Paquets de sécurité à installer
|
|
security_packages:
|
|
- ufw
|
|
- fail2ban
|
|
- unattended-upgrades
|
|
- apt-listchanges
|
|
- logwatch
|
|
- rkhunter
|
|
- chkrootkit
|
|
|
|
# Administrateurs SSH
|
|
admin_users: [] |