summaryrefslogtreecommitdiffstats
path: root/roles/common/tasks/fail2ban.yml
Commit message (Collapse)AuthorAgeFiles
* Improve/harden fail2ban configuration.Guilhem Moulin2020-01-251
| | | | | | | | | * Use nftables sets with a timeout * Start daemon with a hardened unit file and restricted Capability Bounding Set. (This requires to change the log path to /var/log/fail2ban/*.) * Skip database as we don't care about persistence. * Refactor jail.local
* fail2ban: Only install the roundcube/dovecot filters if needed.Guilhem Moulin2018-12-151
| | | | | | It doesn't hurt to install them on all machines, but we're overriding the provided /etc/fail2ban/filter.d/dovecot.conf and would rather keep our delta minimal.
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-091
|
* Configure the webmail.Guilhem Moulin2015-06-071
|
* Don't start daemons when there is a triggered handler.Guilhem Moulin2015-06-071
| | | | This is pointless since the service will be restarted anyway.
* Flush pending handlers between each include.Guilhem Moulin2015-06-071
| | | | | | | | | In particular, run 'apt-get update' right after configured APT, and restart daemon right after configured them. The advantage being that if ansible crashes in some "task", the earlier would already be restarted if neeeded. (This may not happen in the next run since the configuration should already be up to date.)
* Autostart daemons.Guilhem Moulin2015-06-071
|
* Configure fail2ban.Guilhem Moulin2015-06-071