Trust but verify This post is about the audit daemon (auditd) that is available for most Linux systems.
Recently I’ve been looking at alternative ways to monitor sudo users on the servers I manage. Generally speaking it’s a good practice to keep an audit trail on managed systems. From a purely security perspective the more auditing you have on a system the easier any incident response should become when you need it.
Time to hang the mission accomplished banners! This site is 100% powered by Podman containers!
It’s been a long, hard road but we made it! Around 2 months ago, way back at the end of May, I said that I was going to migrate this site, along with the others I host into containers using the Podman container engine.
As of now (2 weeks ago really) that work is done.
Because apparently I can’t leave well enough alone. In this post, I’ll dive into how I went about setting up an Nginx reverse proxy for this WordPress site, and some of the challenges I ran into along the way.
This was a task that proved to be more challenging than I anticipated, and there were moments that I questioned my ability to get it working. - It’s also got me wondering if my next project should be migrating to a static site generator.
If you’ve been following along with my attempt to migrate this Wordpress site into container services with Podman then you will be happy to know that I’ve achieved the first milestone. The database for this site now resides pleasantly in a rootless Podman container.
One of the major reasons I wanted to try Podman was that, outside of installing the package itself, everything I wanted to run could be achieved as a non-root, non-privileged account.
In my previous post about migrating this site to Podman, I laid out a rough outline of my plan to move forward with Podman. Step one was to move the database into a container.
I have a few updates on my progress, and some tips to share regarding selinux, and containers that have systemd running for service control.
I’ve basically been starting from scratch on this - I don’t have any experience with other container platforms like Docker, I have had some limited exposer to lxd on Ubuntu systems, but I’ve always treated them as live systems – more like a VM than a container.
On occasion I need to pull a host list from Satellite 6; and while using the web ui is often simple enough, the hammer cli that comes with foreman is often faster.
Here is a quick way to get a full host list:
hammer host list That command will print list of all hosts registered with your Satellite server.
Filter by OS major version Often when I’m generating this list it’s because someone has asked me something like: “How many RHEL 5, servers do we have?