mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-05-08 14:26:05 +02:00

dovecot: disable pam_faillock lockout mechanism

faillock has often been locking me out of my mailbox because it counts
failed authentication attempts against my user; turn this off and rely
on fail2ban to block instances of account password brute-forcing by IP.
Evangelos Foutras 2023-07-21 11:44:50 +03:00
parent 8480a4d216
commit bd5fad424e
No known key found for this signature in database
GPG Key ID: 51E8B148A9999C34


@ -47,6 +47,15 @@
- name: Start and enable dovecot
service: name=dovecot enabled=yes state=started
# faillock's default behavior allows third-parties to lock a user out of
# their mailbox by doing 3 failed auth attempts; turn it off and rely on
# fail2ban instead
- name: Disable pam_faillock lockout mechanism
lineinfile:
path: /etc/security/faillock.conf
regexp: deny =
line: deny = 0
- name: Open firewall holes
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
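Review bot: The `regexp: deny =` in the new lineinfile task is unanchored and depends on exact spacing, so it matches any line containing that text (a commented-out default such as `# deny = 3` included) and misses a line written as `deny=3`, in which case `line: deny = 0` is appended and the file ends up with two deny settings. Anchoring it, for example `regexp: '^#?\s*deny\s*='`, makes the task replace exactly the one setting and stay idempotent. Separately, `/etc/security/faillock.conf` is the host-wide pam_faillock configuration rather than a dovecot-specific file, so the change turns lockout off for every PAM service on the host that uses pam_faillock. The task name and comment only mention the mailbox; it would help to state the wider effect there and to confirm that fail2ban also covers the other services that lose lockout.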