forked from evolix/ansible-roles
52 lines
1.7 KiB
YAML
52 lines
1.7 KiB
YAML
---
|
|
general_alert_email: "root@localhost"
|
|
fail2ban_alert_email: Null
|
|
|
|
# Note: there are 2 variable to allow various overrides, but they are merged.
|
|
# "127.0.0.1/8" is always added to the list, even if the following lists are empty.
|
|
fail2ban_default_ignore_ips: []
|
|
fail2ban_additional_ignore_ips: []
|
|
|
|
# WARN: setting this to True will overwrite the list of ignored IP
|
|
fail2ban_force_update_ignore_ips: False
|
|
|
|
fail2ban_override_jaillocal: False
|
|
|
|
fail2ban_default_maxretry: 5
|
|
fail2ban_default_bantime: 10m
|
|
fail2ban_default_findtime: 10m
|
|
|
|
# Default fail2ban action. Chose beetween :
|
|
# - "action_" : (default) - ban only (following banaction)
|
|
# - "action_mw" : ban & send an email with whois report
|
|
# - "action_mwl" : ban & send an email with whois and log lines
|
|
fail2ban_default_action: "action_"
|
|
|
|
fail2ban_sshd: True
|
|
fail2ban_sshd_port: "ssh,2222,22222"
|
|
fail2ban_sshd_maxretry: 10
|
|
fail2ban_sshd_bantime: "{{ fail2ban_default_bantime }}"
|
|
fail2ban_sshd_findtime: "{{ fail2ban_default_findtime }}"
|
|
|
|
fail2ban_recidive: False
|
|
fail2ban_recidive_maxretry: 3
|
|
fail2ban_recidive_bantime: 1w
|
|
fail2ban_recidive_findtime: 1d
|
|
|
|
fail2ban_wordpress_hard: False
|
|
fail2ban_wordpress_hard_maxretry: 1
|
|
fail2ban_wordpress_hard_bantime: "{{ fail2ban_default_bantime }}"
|
|
fail2ban_wordpress_hard_findtime: "{{ fail2ban_default_findtime }}"
|
|
|
|
fail2ban_wordpress_soft: False
|
|
fail2ban_wordpress_soft_maxretry: 5
|
|
fail2ban_wordpress_soft_bantime: "{{ fail2ban_default_bantime }}"
|
|
fail2ban_wordpress_soft_findtime: "{{ fail2ban_default_findtime }}"
|
|
|
|
fail2ban_roundcube: False
|
|
fail2ban_roundcube_maxretry: 5
|
|
fail2ban_roundcube_bantime: "{{ fail2ban_default_bantime }}"
|
|
fail2ban_roundcube_findtime: "{{ fail2ban_default_findtime }}"
|
|
|
|
fail2ban_dbpurgeage_default: "86400 second"
|