Ansible quirks: Delegating a task with a unique remote user

I've spent a few hours banging my head against something that - in retrospect - is pretty obvious: "delegate_to" does not respect the "ansible_user" inventory variable.

Challenge

delegate_to is used to execute a task on a host other than the one targeted for playbook execution. Compare these three tasks:

- command: echo Hello World
- command: …

Four practical steps to improve your Security Lifecycle Program

The recent high-profile “Meltdown” and “Spectre” security event did more than expose newly-discovered problems in processor architectures dating back decades. It also exposed gaps in the Security Lifecycle Program for many organizations, possibly even in your own.

The details of this security event are already well-documented (see the original security notification in Red Hat’s Portal or this 3-minute video providing a high-level overview). So, what can your IT organization do to be better prepared for the next security event? Here are four practical actions you can take now to improve your Security Lifecycle Program.


Managing access to Fedora 27 workstation with FreeIPA and HBAC

If you are trying to create an HBAC rule in FreeIPA to allow users to log on to Fedora 27 workstations via GDM, you will need to do the following:

- Create a new HBAC service in FreeIPA, called "systemd-user"
- Create an HBAC rule that includes "gdm", "gdm-password", and "systemd-user", granting access to your …