Rhel9 on Panic! At The Terminal

SSH Hardening and Automation User Setup with Ansible

Sat, 12 Jul 2025 12:00:00 +0300

SSH Hardening and Automation User Setup with Ansible #

Here’s a little post about how I do SSH hardening for my RHEL9 homelab and how I ensure that the Ansible automation user is properly set. The playbook stems from an incident I had in Red Hat Insights where it was reported that I had an SSH configuration that allowed legacy ciphers. It was also adviced to create a crypto policy that disables weak algorithms.

Setting up BIND9 for Internal DNS on RHEL9

Thu, 03 Jul 2025 20:00:00 +0300

Setting up BIND9 for Internal DNS on RHEL9 #

This guide covers setting up BIND9/named for internal reverse/forward DNS resolution on a RHEL9 server. Unlike public authoritative DNS servers, internal DNS servers provide recursive resolution for your internal network and handle local domain queries.

All IP addresses, network ranges, and hostnames in this guide are examples. Replace them with your actual values.

For the entirety of the guide we’ll be running every single command as root.

Setting up BIND9 for Public DNS on RHEL9

Thu, 03 Jul 2025 18:00:00 +0300

Setting up BIND9 for Public DNS on RHEL9 #

This guide covers setting up BIND9/named as an authoritative public DNS server on RHEL9. Unlike internal DNS servers that provide recursive resolution, public authoritative DNS servers are responsible for answering queries about domains you own and control.

This setup includes security hardening measures such as proper logging and zone transfer restrictions to protect your DNS infrastructure from abuse.

All IP addresses, domain names, and server configurations in this guide are examples. Replace them with your actual values.

Installing Red Hat Identity Management (IPA) without DNS on RHEL9

Thu, 03 Jul 2025 16:00:00 +0300

Installing Red Hat Identity Management (IPA) without DNS on RHEL9 #

Red Hat Identity Management (IdM) provides centralized authentication, authorization, and account information by storing data about users, groups, hosts, and other objects necessary to manage the security aspects of a network of computers. This guide covers installing IdM/IPA server without the integrated DNS service on RHEL9.

This guide demonstrates setting up a high-availability IPA deployment with two servers:

Automated KVM VM Provisioning with Ansible and OSBuild on RHEL9

Thu, 03 Jul 2025 14:00:00 +0300

Automated KVM VM Provisioning with Ansible and OSBuild on RHEL9 #

Introduction #

When I started looking into automating my homelab VM provisioning, I was surprised by the lack of examples combining Ansible with OSBuild for KVM environments. Not many tutorials focus on KVM, so I wanted something that used Red Hat’s tooling - as I run a RHEL homelab.

I used to provision my homelab virtual machines by hand and eventually I got tired of doing it since I like to tinker around a lot and constantly add new VMs. So, I decided to automate the process using the combination of Ansible and OSBuild.

Enable EPEL Repository on RHEL9

Tue, 03 Jun 2025 17:53:34 +0300

Enable EPEL Repository on RHEL 9 #

The EPEL repository provides packages that are not included in the standard RHEL repositories, such as htop and vim for example.

Prerequisites #

Before installing EPEL, you need to enable the CodeReady Builder repository, which provides dependencies for many EPEL packages.

Installation Steps #

Enable codeready builder repository #

subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms

Install epel-release #

dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm

Verification #

After installation, you can verify that EPEL is enabled by listing available repositories: