Security

Redirect local ports with firewalld

Redirecting local ports with iptables directly isn’t too difficult, but can we use firewalld to get the same result? 🧱

Super cute raccoon standing in front of green foliage

Launch a watchtower container via podman quadlets

Podman’s new quadlet feature lets you specify container launch configuration via simple systemd-like unit files. 📦

1Password quick access in Sway

1Password has a handy quick access launcher and you can bring it on screen for fast access to passwords and two factor codes in Sway. 🔐

View of a beach by the ocean from the air

Migrating to AWS CloudFront

New experiences bring joy! After working with fun AWS CloudFront hacks at work this week, I decided to migrate this blog to AWS S3 and CloudFront. ⛅

Wooden watchtower with mountains in the background

Automatic container updates with watchtower

Watchtower keeps an eye on your running containers and updates them when new containers appear upstream. 📦

Connect 1Password's CLI and app in i3 with lxpolkit

1Password’s CLI tool connects via PolicyKit to the 1Password application for authentication, but this isn’t the easiest in i3. 🔑

Use GNOME Keyring with Sway

Add encrypted ssh keys to your workflow more efficiently with gnome-keyring in the sway window manager.

Basic authentication with Traefik on kubernetes

Keep prying eyes away from your sites behind Traefik with basic authentication. 🛃

Encrypted gitops secrets with flux and age

Store encrypted kubernetes secrets safely in your gitops repository with easy-to-use age encryption. 🔐

Secure Tailscale networks with firewalld

Tailscale provides a handy private network mesh across multiple devices but it needs security just like any other network. 🕵

Forwarding ports with firewalld

Learn how to forward ports with firewalld for IPv4 and IPv6 destinations. 🕵🏻

Inspecting OpenShift cgroups from inside the pod

...

Running Ansible in OpenShift with arbitrary UIDs

...

Running Home Assistant in a Docker container with a Z-Wave USB stick

...

Disable autoplay for videos in Firefox 65

...

Use a secret as an environment variable in OpenShift deployments

Environment variables are easy to add to OpenShift deployments, but a more secure way to add these variables is by referencing a secret.

Changes in RHEL 7 Security Technical Implementation Guide Version 1, Release 3

...

Apply the STIG to even more operating systems with ansible-hardening

...

Old role, new name: ansible-hardening

...

Enable AppArmor on a Debian Jessie cloud image

...

RHEL 7 STIG v1 updates for openstack-ansible-security

...

Display auditd messages with journalctl

...

augenrules fails with “rule exists” when loading rules into auditd

...

Talk Recap: Holistic Security for OpenStack Clouds

...

Automated security hardening with Ansible: May updates

...

Troubleshooting OpenStack network connectivity

...

Preventing Ubuntu 16.04 from starting daemons when a package is installed

...

802.1x with NetworkManager using nmcli

...

Talk Recap: Automated security hardening with OpenStack-Ansible

...

Enable IPv6 privacy in NetworkManager

...

Automated Let’s Encrypt DNS challenges with Rackspace Cloud DNS

...

Enabling kwallet after accidentally disabling it

...

Talking to college students about information security

...

systemd-networkd and macvlan interfaces

...

What I learned while securing Ubuntu

...

Time Warner Road Runner, Linux, and large IPv6 subnets

...

Chronicles of SELinux: Dealing with web content in unusual directories

...

Build a network router and firewall with Fedora 22 and systemd-networkd

...

Research Paper: Securing Linux Containers

...

Automated testing for Ansible CIS playbook on RHEL/CentOS 6

...

Improving LXC template security

...

Time for a new GPG key

...

Adventures with GRE and IPSec on Mikrotik routers

...

You have a problem and icanhazip.com isn’t one of them

...

Run virsh and access libvirt as a regular user

Libvirt is a handy way to manage containers and virtual machines on various systems. On most distributions, you can only access the libvirt daemon via the root user by default. I’d rather use a regular non-root user to access libvirt and limit that access via groups. ...

Helpful, low-FUD information security sites, mailing lists, and blogs

...

Trust an IP address with firewalld’s rich rules

...

Apache’s mod_proxy, mod_ssl, and BitTorrent Sync

...

Etsy reminds us that information security is an active process

...

AVC: denied dyntransition from sshd

...