@@ -279,13 +279,15 @@ The role implements the following:
(SSH), and also introduces rate-limitting for incoming ICMP echo request
pacakges and (new) TCP connections. The rate-limitting is based on the source
IP address, using the ``iptables hashlimit`` module.
* Sets-up system for performing checks on certificates (currently only if they
expire within less than 30 days). Roles that want their certificates checked
should deploy a ``.conf`` to directory ``/etc/check_certificate/`` with paths
to certificate files, one per line. Certificates are checked on daily basis.
to certificate files, one per line. Certificates are checked on
daily basis, using crontab (resulting in failures being sent out to
the ``root`` user).
* Deploys ``apticron`` package that performs checks for available package
upgrades on daily basis. Mails are delivered to local ``root`` account, and
can be redirected elsewhere via aliases. If using ``mail_forwarder`` or
``mail_server`` roles on the same server, aliases can be set-up through them.
* Sets-up system for performing checks on pip requirements files. Roles that
want their requirements files checked should create a sub-directory inside of