From 6edb852b9e33ab684c1b545da9e096f99ed02d9b Mon Sep 17 00:00:00 2001
From: Leonard Ehrenfried
Date: Mon, 18 Nov 2024 14:30:34 +0100
Subject: [PATCH] Harmonise the hardening parameters
---
 group_vars/all.yml | 7 ++++---
 group_vars/infrastructure.yml | 8 --------
 2 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/group_vars/all.yml b/group_vars/all.yml
index a183045..e8b8fa3 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -24,13 +24,14 @@ firewall_allowed_tcp_ports:
 firewall_state: started
 firewall_enabled_at_boot: true
 firewall_flush_rules_and_chains: false
+
 # ssh hardening
 network_ipv6_enable: true
-ssh_allow_agent_forwarding: "yes"
+ssh_allow_agent_forwarding: true
 ssh_permit_tunnel: "yes"
 ssh_allow_tcp_forwarding: "yes"
-sftp_enabled: "yes"
-sftp_chroot: "yes"
+sftp_enabled: true
+sftp_chroot: true
 certbot_certs:
 - domains:
diff --git a/group_vars/infrastructure.yml b/group_vars/infrastructure.yml
index 1f6e58e..4c63c43 100644
--- a/group_vars/infrastructure.yml
+++ b/group_vars/infrastructure.yml
@@ -3,14 +3,6 @@ server_name: photon-eu.stadtnavi.eu
 matrix_room_address: "!UXrSFkkJoppiEZEfgC:matrix.org"
-# ssh hardening
-network_ipv6_enable: true
-ssh_allow_agent_forwarding: true
-ssh_permit_tunnel: "yes"
-ssh_allow_tcp_forwarding: "yes"
-sftp_enabled: true
-sftp_chroot: true
-
 firewall_state: stopped
 firewall_allowed_tcp_ports:
 - "22"
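Review bot: In the `group_vars/all.yml` hunk the `# ssh hardening` block applies to every host and still turns on agent forwarding, `ssh_permit_tunnel: "yes"` and `ssh_allow_tcp_forwarding: "yes"`; with the copy in `group_vars/infrastructure.yml` removed this is now the only place they are set, and no comment says why forwarding and tunnelling are needed fleet-wide. I would add a comment above the block such as `# forwarding and tunnelling are enabled on all hosts because <reason>; override to false / "no" in the group_vars of hosts that do not need them`. The two values left as quoted `"yes"` are presumably enumerated string options in the consuming role rather than booleans; if so, a trailing `# string option, not a boolean` on those lines would keep a later edit from changing them to `true`, and if not, they should become `true` like the other three, because in a plain Jinja test (without `| bool`) any non-empty string, including `"no"`, is truthy.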