
2 commits

Author SHA1 Message Date
caeb23ee45
new default: coredump hardening sysctl.d; better swappiness default 2024-10-04 19:49:25 +02:00
Claudio Maradonna
8630677457
fix problem with zoreide iptables 2024-03-06 08:58:28 +01:00
3 changed files with 10 additions and 12 deletions


@ -7,7 +7,7 @@ hardening_sshd_tcp_forward: false
hardening_sshd_legal_banner: false hardening_sshd_legal_banner: false
hardening_sshd_permissions_set_sticky_bit: true hardening_sshd_permissions_set_sticky_bit: true
hardening_sysctl_vm_swappiness: 15 hardening_sysctl_vm_swappiness: 0
hardening_sysctl_disable_ipv6: false hardening_sysctl_disable_ipv6: false
hardening_modprobe_disable_list: hardening_modprobe_disable_list:
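Review bot: Reading the right-hand value as the new side, `hardening_sysctl_vm_swappiness: 0` is not just a lower number than 15: on current kernels 0 makes the kernel avoid swapping anonymous pages until reclaim is almost exhausted. Hosts that rely on swap can then reach the OOM killer while swap is still free. If the intent is only to keep swapping to a minimum, `hardening_sysctl_vm_swappiness: 1` is the safer default. Either way the default should carry a comment above it, for example `# 0 = avoid swapping anonymous memory; raise to 1 or more on hosts that depend on swap`.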


@ -0,0 +1 @@
kernel.core_pattern=|/bin/false
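Review bot: Setting only `kernel.core_pattern` depends on file ordering, because hosts with systemd-coredump ship their own `kernel.core_pattern` in `50-coredump.conf` and the sysctl.d file that sorts last wins. The target file name is not visible on this page, so confirm it sorts after that file. The setuid dump policy is also left at the distribution default, so consider adding `fs.suid_dumpable=0` in the same drop-in. A leading comment such as `# discard core dumps: pipe them to a helper that exits immediately` would explain the unusual value to the next maintainer.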


@ -84,16 +84,13 @@
- name: Configure iptables - name: Configure iptables
when: when:
- "zoreide_enabled is true" - 'zoreide_enabled is true'
- "ansible_facts.services['iptables.service'] is defined" - "ansible_facts.services['iptables.service'] is defined"
block:
- name: Allow related and established connections
ansible.builtin.iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
protocol: udp protocol: udp
destination_port: "{{ zoreide_ha_port }}" destination_port: "{{ zoreide_ha_port }}"
ctstate: NEW ctstate: NEW
syn: match
jump: ACCEPT jump: ACCEPT
comment: Zoreide HA Port comment: Zoreide HA Port
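Review bot: The ACCEPT rule for `zoreide_ha_port` matches new UDP traffic from any source address, since the visible task sets no `source:`. If the role knows the HA peer addresses, restrict the rule with `source: "{{ <peer-address-variable> }}"` (placeholder name; no such variable is visible here). Separately, `ansible.builtin.iptables` changes only the running ruleset, so the rule is lost on reboot unless a later task saves it. The `when:` test on `ansible_facts.services` also needs service facts gathered earlier in the play. Neither of those is visible in this hunk, and the task may continue past its last line.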