authorGuilhem Moulin <guilhem@fripost.org>2014-12-18 15:03:22 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:53:20 +0200
commitbf3747dcf42909980c37caf7d70aeac6d2048d7a (patch)
tree40af93d177179e6c7db655ddb0265875619a71fb /roles/common
parent8d167869f36d13268eb5e50e5a1d5f49d8ac1e04 (diff)
typo
Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/files/etc/rkhunter.conf2
-rw-r--r--roles/common/templates/etc/fail2ban/jail.local.j23
2 files changed, 2 insertions, 3 deletions
diff --git a/roles/common/files/etc/rkhunter.conf b/roles/common/files/etc/rkhunter.conf
index 9a64a17..542fcfd 100644
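--- a/roles/common/files/etc/rkhunter.conf
+++ b/roles/common/files/etc/rkhunter.conf
@@ -490,41 +490,41 @@ SCRIPTWHITELIST=/usr/sbin/prelink
 #
 # This is a space-separated list of filenames. The option may
 # be specified more than once. The option may use wildcard
 # characters.
 #
 #IMMUTWHITELIST="/sbin/ifup /sbin/ifdown"
 #
 # If this option is set to 1, then the immutable-bit test is
 # reversed. That is, the files are expected to have the bit set.
 #
 IMMUTABLE_SET=0
 #
 # Allow the specified hidden directories to be whitelisted.
 #
 # This is a space-separated list of directory pathnames.
 # The option may be specified more than once. The option
 # may use wildcard characters.
 #
-#ALLOWHIDDENDIR="/etc/.java"
+ALLOWHIDDENDIR="/etc/.java"
 #ALLOWHIDDENDIR="/dev/.static"
 #ALLOWHIDDENDIR="/dev/.SRC-unix"
 ALLOWHIDDENDIR="/etc/.git"
 #
 # Allow the specified hidden files to be whitelisted.
 #
 # This is a space-separated list of filenames. The option may
 # be specified more than once. The option may use wildcard
 # characters.
 #
 #ALLOWHIDDENFILE="/etc/.java"
 #ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
 #ALLOWHIDDENFILE="/etc/.pwd.lock"
 #ALLOWHIDDENFILE="/etc/.init.state"
 #ALLOWHIDDENFILE="/lib/.libcrypto.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac"
 #ALLOWHIDDENFILE="/lib/.libssl.so.0.9.8e.hmac /lib/.libssl.so.6.hmac"
 #ALLOWHIDDENFILE="/usr/bin/.fipscheck.hmac"
 #ALLOWHIDDENFILE="/usr/bin/.ssh.hmac"
 #ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.1.0.hmac"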
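Review bot: The newly enabled `ALLOWHIDDENDIR="/etc/.java"` entry has no comment saying why this hidden directory is expected. Because the file lives under roles/common, it presumably reaches every host, including ones with no Java runtime installed. Once the path is whitelisted, rkhunter's hidden-directory check stops warning about it, so on hosts where nothing legitimate creates it the entry only narrows what the scan reports. I would add a line above it such as `# /etc/.java holds the Java runtime's system preferences; whitelisted to silence the hidden-directory warning`. If only some hosts run Java, consider limiting the entry to those hosts, though the visible hunk does not show whether a per-host override exists elsewhere.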
diff --git a/roles/common/templates/etc/fail2ban/jail.local.j2 b/roles/common/templates/etc/fail2ban/jail.local.j2
index 415236f..1b157b1 100644
--- a/roles/common/templates/etc/fail2ban/jail.local.j2
+++ b/roles/common/templates/etc/fail2ban/jail.local.j2
@@ -28,43 +28,42 @@ filter = sshd
logpath = /var/log/auth.log
maxretry = 5
[ssh-ddos]
enabled = true
port = {{ ansible_ssh_port|default('22') }}
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 2
# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall
[pam-generic]
enabled = true
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
-port = all
-banaction = iptables-allports
port = anyport
+banaction = iptables-allports
logpath = /var/log/auth.log
maxretry = 6
{% if 'MX' in group_names %}
[postfix]
enabled = true
port = smtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 10
{% endif %}
{% if 'IMAP' in group_names %}
[dovecot]
enabled = true
port = imap2,imap3,imaps,pop3,pop3s
filter = dovecot