Archy's Blog

By default, zabbix runs on http and sends all login data in cleartext which is not ideal in terms of security. This is a short writeup on how to configure the zabbix-frontend to run on https. First up, you'll need a certificate. This can be obtained from your internal CA or you can generate a self-signed certificate using this handy command: [archy@zabbix ~]$ sudo openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/pki/tls/private/zabbix.archyslife.lan.key -out /etc/pki/tls/certs/zabbix.archyslife.lan.cert Now that you've got the certificate, reconfigure httpd to also listen on port 443. Add this line to /etc/httpd/conf/httpd.conf: [archy@zabbix ~]$ sudo vim /etc/httpd/conf/httpd.conf Listen 443 Now, let's configure the zabbix virtualhost. The virtualhost config is a slightly altered version of the default version provided by zabbix. [archy@zabbix ~]$ sudo vim /etc/httpd/conf.d/zabbix.conf Alias /zabbix /usr/share/zabbix <VirtualHost *:443>...

I was writing an internal role that handles all things SELinux which can be included in playbooks just like any other role. However, I found out that when templating /etc/selinux/config using ansible and jinja2, you will have to use SELINUX={{ selinux_state }} instead of  SELINUX="{{ selinux_state }}" since this might result in a system unable to log in or start any login manager due to not being able to load the correct context. There's the gotcha but how to fix it? Reboot the machine into emergency mode. --> Press 'e' in the grub menu -->  add 'rd.break' to the boot_cmdline like shown in the picture and press 'ctrl' + 'x' to boot From here on out, remount the /sysroot directory as read-write switch_root:/# mount -o remount,rw /sysroot chroot into your installation switch_root:/# chroot /sysroot fix the /etc/selinux/config and relabel everything (just to ensure everything is going to be labeled correctly). sh-4.2# vi /et...