SELinux Troubleshooting

July 23, 2025

SELinux Troubleshooting #

Here’s a little guide on how to find if SELinux is blocking something and how to add an exception to the policy.

SELinux Modes #

SELinux operates in three modes:

# Check SELinux status and mode
sestatus

Understanding the Three Modes #

1. Enforcing: SELinux policy is enforced
2. Permissive: SELinux policy violations are logged but not blocked
3. Disabled: SELinux is completely disabled

Check if SELinux is the problem #

# Temporarily set to permissive mode and test
setenforce 0
# Test your application
# If it works now, SELinux was blocking it
setenforce 1

Troubleshooting Workflow #

When an application fails and you are certain that SELinux is blocking it, e.g. you turned SELinux off or into permissive mode and the application worked, you can do the following:

SSH Hardening and Automation User Setup with Ansible

July 12, 2025

SSH Hardening and Automation User Setup with Ansible #

Here’s a little post about how I do SSH hardening for my RHEL9 homelab and how I ensure that the Ansible automation user is properly set. The playbook stems from an incident I had in Red Hat Insights where it was reported that I had an SSH configuration that allowed legacy ciphers. It was also adviced to create a crypto policy that disables weak algorithms.

How to setup Ansible Vault

July 3, 2025

How to setup Ansible Vault #

Here’s a little guide on how I setup Ansible Vault for my Ansible playbook repository. It’s surprisingly simple and now all of my secrets are encrypted.

Setting Up Ansible Vault #

1. Create the Directory Structure #

First, create the standard Ansible directory structure for group variables:

mkdir -p group_vars/all

2. Create Your Vault File #

Create a vault file to store your encrypted credentials: