Security

Redirect local ports with firewalld

28 June 2024·645 words·4 mins

Redirecting local ports with iptables directly isn’t too difficult, but can we use firewalld to get the same result? 🧱

2023

Launch a watchtower container via podman quadlets

31 May 2023·648 words·4 mins

Podman’s new quadlet feature lets you specify container launch configuration via simple systemd-like unit files. 📦

1Password quick access in Sway

19 April 2023·238 words·2 mins

1Password has a handy quick access launcher and you can bring it on screen for fast access to passwords and two factor codes in Sway. 🔐

Migrating to AWS CloudFront

17 February 2023·2326 words·11 mins

New experiences bring joy! After working with fun AWS CloudFront hacks at work this week, I decided to migrate this blog to AWS S3 and CloudFront. ⛅

Automatic container updates with watchtower

4 January 2023·481 words·3 mins

Watchtower keeps an eye on your running containers and updates them when new containers appear upstream. 📦

2022

Connect 1Password's CLI and app in i3 with lxpolkit

30 December 2022·610 words·3 mins

1Password’s CLI tool connects via PolicyKit to the 1Password application for authentication, but this isn’t the easiest in i3. 🔑

Use GNOME Keyring with Sway

5 August 2022·1060 words·5 mins

Add encrypted ssh keys to your workflow more efficiently with gnome-keyring in the sway window manager.

Basic authentication with Traefik on kubernetes

20 April 2022·873 words·5 mins

Keep prying eyes away from your sites behind Traefik with basic authentication. 🛃

Encrypted gitops secrets with flux and age

19 April 2022·1628 words·8 mins

Store encrypted kubernetes secrets safely in your gitops repository with easy-to-use age encryption. 🔐

2021

Secure Tailscale networks with firewalld

30 October 2021·645 words·4 mins

Tailscale provides a handy private network mesh across multiple devices but it needs security just like any other network. 🕵

Forwarding ports with firewalld

11 October 2021·726 words·4 mins

Learn how to forward ports with firewalld for IPv4 and IPv6 destinations. 🕵🏻

2019

Inspecting OpenShift cgroups from inside the pod

5 April 2019·1052 words·5 mins

Running Ansible in OpenShift with arbitrary UIDs

22 March 2019·590 words·3 mins

Running Home Assistant in a Docker container with a Z-Wave USB stick

14 January 2019·645 words·4 mins

2018

Disable autoplay for videos in Firefox 65

18 December 2018·142 words·1 min

Use a secret as an environment variable in OpenShift deployments

6 December 2018·304 words·2 mins

Environment variables are easy to add to OpenShift deployments, but a more secure way to add these variables is by referencing a secret.

2017

Changes in RHEL 7 Security Technical Implementation Guide Version 1, Release 3

2 November 2017·501 words·3 mins

Apply the STIG to even more operating systems with ansible-hardening

21 July 2017·215 words·2 mins

Old role, new name: ansible-hardening

27 June 2017·164 words·1 min

Enable AppArmor on a Debian Jessie cloud image

24 May 2017·472 words·3 mins

RHEL 7 STIG v1 updates for openstack-ansible-security

5 April 2017·204 words·1 min

Display auditd messages with journalctl

5 January 2017·525 words·3 mins

augenrules fails with “rule exists” when loading rules into auditd

3 January 2017·425 words·2 mins

2016

Talk Recap: Holistic Security for OpenStack Clouds

31 October 2016·541 words·3 mins

Automated security hardening with Ansible: May updates

27 May 2016·434 words·3 mins

Troubleshooting OpenStack network connectivity

17 May 2016·1140 words·6 mins

Preventing Ubuntu 16.04 from starting daemons when a package is installed

5 May 2016·359 words·2 mins

802.1x with NetworkManager using nmcli

3 May 2016·263 words·2 mins

Talk Recap: Automated security hardening with OpenStack-Ansible

26 April 2016·597 words·3 mins

Enable IPv6 privacy in NetworkManager

17 April 2016·480 words·3 mins

Automated Let’s Encrypt DNS challenges with Rackspace Cloud DNS

31 March 2016·693 words·4 mins

Enabling kwallet after accidentally disabling it

28 January 2016·242 words·2 mins

2015

Talking to college students about information security

10 November 2015·1430 words·7 mins

systemd-networkd and macvlan interfaces

26 October 2015·562 words·3 mins

What I learned while securing Ubuntu

14 October 2015·1308 words·7 mins

Time Warner Road Runner, Linux, and large IPv6 subnets

11 September 2015·802 words·4 mins

Chronicles of SELinux: Dealing with web content in unusual directories

10 September 2015·1343 words·7 mins

Build a network router and firewall with Fedora 22 and systemd-networkd

27 August 2015·926 words·5 mins

Research Paper: Securing Linux Containers

14 August 2015·456 words·3 mins

Automated testing for Ansible CIS playbook on RHEL/CentOS 6

5 August 2015·127 words·1 min

Improving LXC template security

18 June 2015·312 words·2 mins

Adventures with GRE and IPSec on Mikrotik routers

27 May 2015·1696 words·8 mins

You have a problem and icanhazip.com isn’t one of them

20 May 2015·432 words·3 mins

Run virsh and access libvirt as a regular user

11 April 2015·194 words·1 min

Libvirt is a handy way to manage containers and virtual machines on various systems. On most distributions, you can only access the libvirt daemon via the root user by default. I’d rather use a regular non-root user to access libvirt and limit that access via groups.

2024