centos

Tailscale exit nodes allow you to route your traffic through nearly any system in your tailnet. Learn how to build an exit node using firewalld. 🕳️

Learn how to customize a CentOS Stream 9 cloud image with the stuff you want and nothing that you don’t. 📦

Managing iptables gets a lot easier with firewalld.

If you’re on the latest Fedora release, you’re already running lots of modern packages.

After a recent OpenStack-Ansible (OSA) deployment on CentOS, I found that keepalived was not starting properly at boot time:

The latest release of the Red Hat Enterprise Linux Security Technical Implementation Guide (STIG) was published last week.

I’ve been working through some patches to OpenStack-Ansible lately to optimize how we configure yum repositories in our deployments.

DISA’s final release of the Red Hat Enterprise Linux (RHEL) 7 Security Technical Implementation Guide (STIG) came out a few weeks ago and it has plenty of improvements and changes.

All systems running systemd come with a powerful tool for reviewing the system journal: journalctl.

When I came back from the holiday break, I found that the openstack-ansible-security role wasn’t passing tests any longer.

Lots of work has gone into the openstack-ansible-security Ansible role since I delivered a talk about it last month at the OpenStack Summit in Austin.

Updating Dell PowerEdge firmware from Linux is quite easy, but it isn’t documented very well.

I’ve decided to start a series of posts called “Chronicles of SELinux” where I hope to educate more users on how to handle SELinux denials with finesse rather than simply disabling it entirely.

I talked a bit about systemd’s network device name in my earlier post about systemd-networkd and bonding and I received some questions about how systemd rolls through the possible names of network devices to choose the final name.

It seems like there’s a new way to run containers every week.

I started working on the Ansible CIS playbook for CentOS and RHEL 6 back in 2014 and I’ve made a few changes to increase quality and make it easier to use.

GNOME 3 generally works well for me but it has some quirks.

I’ve been getting involved with the Fedora Security Team lately and we’re working as a group to crush security bugs that affect Fedora, CentOS (via EPEL) and Red Hat Enterprise Linux (via EPEL).

When you upgrade packages on Red Hat, CentOS and Fedora systems, the newer package replaces the older package.

There are plenty of guides out there for making ethernet bridges in Linux to support virtual machines using built-in network scripts or NetworkManager.

One of the first tools I learned about after working with Red Hat was sysstat.

Red Hat Enterprise Linux and CentOS 7 users can now install httpry 0.

While using a Dell R720 at work today, we stumbled upon a problem where the predictable network device naming with systemd gave us some unpredictable results.

We’re all familiar with live booting Linux distributions.

My work at Rackspace has involved working with a bunch of Debian chroots lately.

After having some interesting discussions last week around KVM and Xen performance improvements over the past years, I decided to do a little research on my own.

Dell provides the racadm software on Linux that allows you to manage Dell hardware from a Linux system.

Getting started with LXC is a bit awkward and I’ve assembled this guide for anyone who wants to begin experimenting with LXC containers in Fedora 20.

I’d like to congratulate the CentOS project on their big news yesterday.

The confined user support in SELinux is handy for ensuring that users aren’t able to do something that they shouldn’t.

Most of my websites run on a pair of Supermicro servers that I purchased from Silicon Mechanics (and I can’t say enough good things about them and their servers).

I’ve converted one of my KVM hypervisors from CentOS 6 to Fedora 18 and now comes the task of migrating my virtual machines off of my single remaining CentOS 6 hypervisor.

This post is a quick one but I wanted to share it since I taught it to someone new today.

A coworker heard me grumbling about Linux system administration standards and recommended that I review the CIS Security Benchmarks.

The wheel group exists for a critical purpose and Wikipedia has a concise definition:

This article appeared in SC Magazine and I’ve posted it here as well.

After many discussions with fellow Linux users, I’ve come to realize that most seem to disable SELinux rather than understand why it’s denying access.

I’m in the process of moving back to a postfix/dovecot setup for hosting my own mail and I wanted a way to remove the more sensitive email headers that are normally generated when I send mail.

The latest versions of virt-manager don’t release the mouse pointer when you’re doing X forwarding to a machine running OS X.

I’m still quite pleased with my Samsung Galaxy SIII but there are some finicky Bluetooth issues with my car that I simply can’t figure out.

Automating package updates in CentOS 6 is a quick process and it ensures that your system receives the latest available security patches, bugfixes and enhancements.

This problem came up in conversation earlier this week and I realized that I’d never written a post about it.

A fellow Racker showed me httpry about five years ago and I’ve had in my toolbox as a handy way to watch HTTP traffic.

The grades came back last Friday and I’ve passed the last exam in the requirements to become a Red Hat Certified Architect (RHCA).

As promised in my earlier post entitled Kerberos for haters, I’ve assembled the simplest possible guide to get Kerberos up an running on two CentOS 5 servers.

I used to be one of those folks who would install Fedora, CentOS, Scientific Linux, or Red Hat and disable SELinux during the installation.

When you install Scientific Linux, it will keep you on the same point release that you installed.

Before we get started, I really ought to drop this here:

SELinux isn’t a technology that’s easy to tackle for newcomers.

I’m using SELinux more often now on my Fedora 15 installations and I came up against a peculiar issue today on a new server.

As promised in one of my previous posts about dual-primary DRBD and OCFS2, I’ve compiled a step-by-step guide for Fedora.

It’s not easy remembering which RPM packages contain certain files.

One of the most interesting topics I’ve seen so far during my RHCA training at Rackspace this week is SystemTap.