https://blog.nousiainen.xyz/categories/security/ Recent content in Security on Panic! At The Terminal Hugo en-us Thu, 24 Jul 2025 20:18:35 +0300 https://blog.nousiainen.xyz/docs/selinux-comprehensive-guide/ Wed, 23 Jul 2025 10:00:00 +0200 https://blog.nousiainen.xyz/docs/selinux-comprehensive-guide/ <h1 id="selinux-troubleshooting"> SELinux Troubleshooting <a class="anchor" href="#selinux-troubleshooting">#</a> </h1> <p>Here&rsquo;s a little guide on how to find if SELinux is blocking something and how to add an exception to the policy.</p> <h2 id="selinux-modes"> SELinux Modes <a class="anchor" href="#selinux-modes">#</a> </h2> <p>SELinux operates in three modes:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Check SELinux status and mode</span> </span></span><span style="display:flex;"><span>sestatus </span></span></code></pre></div><h3 id="understanding-the-three-modes"> Understanding the Three Modes <a class="anchor" href="#understanding-the-three-modes">#</a> </h3> <ol> <li>Enforcing: SELinux policy is enforced</li> <li>Permissive: SELinux policy violations are logged but not blocked</li> <li>Disabled: SELinux is completely disabled</li> </ol> <h3 id="check-if-selinux-is-the-problem"> Check if SELinux is the problem <a class="anchor" href="#check-if-selinux-is-the-problem">#</a> </h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Temporarily set to permissive mode and test</span> </span></span><span style="display:flex;"><span>setenforce <span style="color:#ae81ff">0</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Test your application</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># If it works now, SELinux was blocking it</span> </span></span><span style="display:flex;"><span>setenforce <span style="color:#ae81ff">1</span> </span></span></code></pre></div><h2 id="troubleshooting-workflow"> Troubleshooting Workflow <a class="anchor" href="#troubleshooting-workflow">#</a> </h2> <p>When an application fails and you are certain that SELinux is blocking it, e.g. you turned SELinux off or into permissive mode and the application worked, you can do the following:</p> https://blog.nousiainen.xyz/docs/ssh-hardening-ansible/ Sat, 12 Jul 2025 12:00:00 +0300 https://blog.nousiainen.xyz/docs/ssh-hardening-ansible/ <h1 id="ssh-hardening-and-automation-user-setup-with-ansible"> SSH Hardening and Automation User Setup with Ansible <a class="anchor" href="#ssh-hardening-and-automation-user-setup-with-ansible">#</a> </h1> <p>Here&rsquo;s a little post about how I do SSH hardening for my RHEL9 homelab and how I ensure that the Ansible automation user is properly set. The playbook stems from an incident I had in Red Hat Insights where it was reported that I had an SSH configuration that allowed legacy ciphers. It was also adviced to create a crypto policy that disables weak algorithms.</p> https://blog.nousiainen.xyz/docs/redhat-idm-install-guide/ Thu, 03 Jul 2025 16:00:00 +0300 https://blog.nousiainen.xyz/docs/redhat-idm-install-guide/ <h1 id="installing-red-hat-identity-management-ipa-without-dns-on-rhel9"> Installing Red Hat Identity Management (IPA) without DNS on RHEL9 <a class="anchor" href="#installing-red-hat-identity-management-ipa-without-dns-on-rhel9">#</a> </h1> <p>Red Hat Identity Management (IdM) provides centralized authentication, authorization, and account information by storing data about users, groups, hosts, and other objects necessary to manage the security aspects of a network of computers. This guide covers installing IdM/IPA server without the integrated DNS service on RHEL9.</p> <p>This guide demonstrates setting up a high-availability IPA deployment with two servers:</p> https://blog.nousiainen.xyz/docs/ansible-vault-guide/ Thu, 03 Jul 2025 10:00:00 +0300 https://blog.nousiainen.xyz/docs/ansible-vault-guide/ <h1 id="how-to-setup-ansible-vault"> How to setup Ansible Vault <a class="anchor" href="#how-to-setup-ansible-vault">#</a> </h1> <p>Here&rsquo;s a little guide on how I setup Ansible Vault for my Ansible playbook repository. It&rsquo;s surprisingly simple and now all of my secrets are encrypted.</p> <h2 id="setting-up-ansible-vault"> Setting Up Ansible Vault <a class="anchor" href="#setting-up-ansible-vault">#</a> </h2> <h3 id="1-create-the-directory-structure"> 1. Create the Directory Structure <a class="anchor" href="#1-create-the-directory-structure">#</a> </h3> <p>First, create the standard Ansible directory structure for group variables:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>mkdir -p group_vars/all </span></span></code></pre></div><h3 id="2-create-your-vault-file"> 2. Create Your Vault File <a class="anchor" href="#2-create-your-vault-file">#</a> </h3> <p>Create a vault file to store your encrypted credentials:</p>