@@ -14,6 +14,7 @@ admin_user: manu
admin_email: kolter@openics.org
hosts_deny_nfs: False
+host_deny_paranoid: True
with_logcheck: True
with_rkhunter: True
@@ -21,7 +21,9 @@
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
+{% if host_deny_paranoid %}
ALL: PARANOID
+{% endif %}
{% if hosts_deny_nfs %}
portmap: ALL
lockd: ALL