Diffstat (limited to 'roles')
-rw-r--r-- | roles/MX/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/common/files/etc/rkhunter.conf | 2 | ||||
-rw-r--r-- | roles/common/templates/etc/fail2ban/jail.local.j2 | 3 |
3 files changed, 3 insertions, 4 deletions
diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml
index cae498e..361e379 100644
--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -7,41 +7,41 @@ - postfix-cdb # The following is for reserved-alias.pl - libnet-ldap-perl - libauthen-sasl-perl - name: Configure Postfix template: src=etc/postfix/main.cf.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf owner=root group=root mode=0644 notify: - Reload Postfix - name: Create directory /etc/postfix-.../virtual file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual state=directory owner=root group=root mode=0755 - name: Copy lookup tables (1) - file: src=etc/postfix/virtual/{{ item }} + copy: src=etc/postfix/virtual/{{ item }} dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }} owner=root group=root mode=0644 with_items: - domains.cf # no need to reload upon change, as cleanup(8) is short-running - reserved_alias.pcre - alias.cf - mailbox.cf - list.cf - alias_domains.cf - catchall.cf - name: Copy lookup tables (2) template: src=etc/postfix/virtual/transport.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport owner=root group=root mode=0644 - name: Compile the Postfix transport maps
diff --git a/roles/common/files/etc/rkhunter.conf b/roles/common/files/etc/rkhunter.conf
index 9a64a17..542fcfd 100644
--- a/roles/common/files/etc/rkhunter.conf
+++ b/roles/common/files/etc/rkhunter.conf
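Review bot: The corrected `copy:` task for "Copy lookup tables (1)" has no `notify` or `register`, so a changed table is written to /etc/postfix-…/virtual/ but nothing re-runs postmap on it; the only visible compile step is the following "Compile the Postfix transport maps" task, whose body lies outside the hunk. The existing comment only says a reload is unnecessary because cleanup(8) is short-running, which does not cover the case where `domains.cf`, `alias.cf`, `mailbox.cf`, `list.cf`, `alias_domains.cf` or `catchall.cf` are hash/cdb maps that must be recompiled before Postfix sees the change (the `- postfix-cdb` package at the top of the hunk hints at cdb maps, but that cannot be confirmed from here). Either document the contract, e.g. `# these tables are read directly by cleanup(8) (regexp/pcre lookups) — no postmap step needed`, or add a handler that recompiles the affected maps on change. The task list continues past the end of the hunk.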
@@ -490,41 +490,41 @@ SCRIPTWHITELIST=/usr/sbin/prelink
 #
 # This is a space-separated list of filenames. The option may
 # be specified more than once. The option may use wildcard
 # characters.
 #
 #IMMUTWHITELIST="/sbin/ifup /sbin/ifdown"
 #
 # If this option is set to 1, then the immutable-bit test is
 # reversed. That is, the files are expected to have the bit set.
 #
 IMMUTABLE_SET=0
 #
 # Allow the specified hidden directories to be whitelisted.
 #
 # This is a space-separated list of directory pathnames.
 # The option may be specified more than once. The option
 # may use wildcard characters.
 #
-#ALLOWHIDDENDIR="/etc/.java"
+ALLOWHIDDENDIR="/etc/.java"
 #ALLOWHIDDENDIR="/dev/.static"
 #ALLOWHIDDENDIR="/dev/.SRC-unix"
 ALLOWHIDDENDIR="/etc/.git"
 #
 # Allow the specified hidden files to be whitelisted.
 #
 # This is a space-separated list of filenames. The option may
 # be specified more than once. The option may use wildcard
 # characters.
 #
 #ALLOWHIDDENFILE="/etc/.java"
 #ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
 #ALLOWHIDDENFILE="/etc/.pwd.lock"
 #ALLOWHIDDENFILE="/etc/.init.state"
 #ALLOWHIDDENFILE="/lib/.libcrypto.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac"
 #ALLOWHIDDENFILE="/lib/.libssl.so.0.9.8e.hmac /lib/.libssl.so.6.hmac"
 #ALLOWHIDDENFILE="/usr/bin/.fipscheck.hmac"
 #ALLOWHIDDENFILE="/usr/bin/.ssh.hmac"
 #ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.1.0.hmac"
diff --git a/roles/common/templates/etc/fail2ban/jail.local.j2 b/roles/common/templates/etc/fail2ban/jail.local.j2
index 415236f..1b157b1 100644
--- a/roles/common/templates/etc/fail2ban/jail.local.j2
+++ b/roles/common/templates/etc/fail2ban/jail.local.j2
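Review bot: The newly enabled `ALLOWHIDDENDIR="/etc/.java"` permanently silences rkhunter's hidden-directory warning for that path, and because the file sits under roles/common it presumably lands on every host the role targets, with no comment recording why the directory is expected; unlike the commented-out stock entries around it, this line is now live policy and the next maintainer cannot tell a deliberate whitelist from a stale one. Add a why-line above it, e.g. `# /etc/.java: presumably the JRE's system preferences store; expected only on hosts with Java installed`, corrected to the real origin if that guess is wrong. Since the whitelist is host-wide, consider whether a host or group variable would let hosts without Java keep the warning rather than losing it everywhere. The already-active `ALLOWHIDDENDIR="/etc/.git"` a few lines below has the same undocumented-whitelist problem.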
@@ -28,43 +28,42 @@ filter = sshd
 logpath = /var/log/auth.log
 maxretry = 5
 [ssh-ddos]
 enabled = true
 port = {{ ansible_ssh_port|default('22') }}
 filter = sshd-ddos
 logpath = /var/log/auth.log
 maxretry = 2
 # Generic filter for pam. Has to be used with action which bans all ports
 # such as iptables-allports, shorewall
 [pam-generic]
 enabled = true
 # pam-generic filter can be customized to monitor specific subset of 'tty's
 filter = pam-generic
 # port actually must be irrelevant but lets leave it all for some possible uses
-port = all
-banaction = iptables-allports
 port = anyport
+banaction = iptables-allports
 logpath = /var/log/auth.log
 maxretry = 6
 {% if 'MX' in group_names %}
 [postfix]
 enabled = true
 port = smtp
 filter = postfix
 logpath = /var/log/mail.log
 maxretry = 10
 {% endif %}
 {% if 'IMAP' in group_names %}
 [dovecot]
 enabled = true
 port = imap2,imap3,imaps,pop3,pop3s
 filter = dovecot
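Review bot: `banaction = iptables-allports` is set on [pam-generic] but nothing in the hunk sets `action`, so the override only takes effect if the jail still inherits a default `action` whose `action_` expands `%(banaction)s`; that lives in [DEFAULT], outside the hunk, and should be confirmed rather than assumed. A one-line comment above the key would make the dependency explicit, e.g. `# per-jail override of the [DEFAULT] banaction; relies on action_ expanding %(banaction)s`. With an all-ports action `port = anyport` is only a placeholder, which the comment above it already states, so no further change is needed there. Dropping the second `port` key is the right call, since a repeated key in a configparser-read file is at best last-wins and rejected outright by strict parsers.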