| Commit message (Collapse) | Author | Age | Files |
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Use nftables sets with a timeout
* Start daemon with a hardened unit file and restricted Capability
Bounding Set. (This requires to change the log path to
/var/log/fail2ban/*.)
* Skip database as we don't care about persistence.
* Refactor jail.local
|
|
|
|
|
|
| |
It doesn't hurt to install them on all machines, but we're overriding
the provided /etc/fail2ban/filter.d/dovecot.conf and would rather keep
our delta minimal.
|
| |
|
| |
|
|
|
|
| |
This is pointless since the service will be restarted anyway.
|
|
|
|
|
|
|
|
|
| |
In particular, run 'apt-get update' right after configured APT, and
restart daemon right after configured them.
The advantage being that if ansible crashes in some "task", the earlier
would already be restarted if neeeded. (This may not happen in the next
run since the configuration should already be up to date.)
|
| |
|
|
|