Skip to main content

· 10 min read

Parsing SUDO Logs with Grafana Loki

Are you interested in monitoring who executes SUDO commands on your system? This guide provides insights into tracking both accepted and rejected SUDO events, along with alerting rules to notify you of any rejected SUDO events.

· 7 min read

PrivateBin Deployment with Rootless Podman Using Ansible Role

The PrivateBin Ansible Role deploys the PrivateBin service in a rootless container using Podman. This container operates within the user namespace and is managed by a systemd unit, ensuring a secure and efficient deployment.

This role is designed with simplicity in mind, featuring minimal variables to reduce complexity. It caters to both beginners who are comfortable with default configurations and advanced users looking to customize PrivateBin.

· 4 min read

Rootless Promtail with Ansible Enhancing Security and Efficiency

The Ansible Promtail Role allows you to effortlessly deploy and manage Promtail, agent which ships contents of local logs to private Loki. Role is tailored for systems from the Red Hat family. Before diving into the details, I highly recommend reading the role's file for a comprehensive understanding.

· 8 min read

Simplify Node Exporter Deployment with Ansible

In this blog post, we will explore how to leverage Ansible and the node_exporter role to streamline the deployment of Node Exporter—a popular Prometheus exporter for monitoring Linux systems. By using this role, you can easily configure and deploy Node Exporter across multiple servers in your infrastructure.

· 7 min read

Ansible Linux OS patching

Everyone knows that patching packages are not fun. I decided to create an Ansible role that can patch Enterprise Linux ( RHEL ) and other Red Hat derivatives (e.g. CentOS, Rocky, Alma, Fedora ). This role support 3 modes for patching.

  1. Patch all OS packages to the latest version
  2. Apply all security patches
  3. Apply all bugfix patches

Sometimes restart is necessary. In that case, yum-utils (dnf-utils) provide an excellent utility “needs-restarting”. This utility can inform us if a restart is required. If we mix all this we realize that automated patching is not that hard.

· 2 min read

Check open port without telnet

This post cover alternatives for checking open port without telnet. Some companies have strict policies and it can happen that telnet is not available.

And you know what? There is no requirement to install telnet. Just check the below alternatives.