Make 'ALL: PARANOID' config in /etc/hosts.deny optional

group_vars/all

@@ -14,6 +14,7 @@ admin_user: manu
 admin_email: kolter@openics.org
 
 hosts_deny_nfs: False
+host_deny_paranoid: True
 
 with_logcheck: True
 with_rkhunter: True

roles/common/templates/hosts.deny.j2

@@ -21,7 +21,9 @@
 # validate looked up hostnames still leave understandable logs. In past
 # versions of Debian this has been the default.
 # ALL: PARANOID
+{% if host_deny_paranoid %}
 ALL: PARANOID
+{% endif %}
 {% if hosts_deny_nfs %}
 portmap: ALL
 lockd: ALL