24 lines
672 B
YAML
24 lines
672 B
YAML
---
|
|
# Variables spécifiques au rôle server_hardening
|
|
hardening_sysctl_settings:
|
|
- name: net.ipv4.tcp_syncookies
|
|
value: 1
|
|
- name: net.ipv4.conf.all.rp_filter
|
|
value: 1
|
|
- name: net.ipv4.conf.default.rp_filter
|
|
value: 1
|
|
- name: net.ipv4.conf.all.accept_source_route
|
|
value: 0
|
|
- name: net.ipv4.conf.default.accept_source_route
|
|
value: 0
|
|
- name: net.ipv4.icmp_echo_ignore_broadcasts
|
|
value: 1
|
|
- name: net.ipv4.icmp_ignore_bogus_error_responses
|
|
value: 1
|
|
- name: net.ipv4.conf.all.log_martians
|
|
value: 1
|
|
- name: net.ipv4.conf.default.log_martians
|
|
value: 1
|
|
|
|
ssh_config_file: /etc/ssh/sshd_config
|
|
fail2ban_config_dir: /etc/fail2ban |