Duo Implementation

[oceanfabreeze]

VLAN/Duo

[oceanfabreeze]

Had to set transmission selinux to permissive to get radarr service started. might wanna check up on that. Figure out how to keep VPN connected 100% of the time.

also create a plex specific account for the NAS -useradd plex -/etc/fstab uid

[oceanfabreeze]

Upgraded the RHEL boxes today. Duo became unresponsive and I can no longer ssh to the boxes. Trying to understand why.

[oceanfabreeze]

pam_duo.so module no longer works for some reason. Duo release update maybe? Switching to login_duo.

Modify login_duo and sshd_conf and restart SSHD.

[oceanfabreeze]

Duo is implemented on all servers but the NAS's for now. Closing and creating new issues for the rest of the security items.

[oceanfabreeze]

Spoke too soon. login_duo causes issues with ansible for some reason, we will have to revisit.

[oceanfabreeze]

Plan right now is to use the ansible user to run the playbooks with an extremely long and complex password.

[oceanfabreeze]

Create ansible user on ClientServer Add to group wheel Change to hard password Fix visudo for password less sudo for wheel.

Copy SSH Key for Ansible user on Automator -> ClientServer.

Hosts are then onboarded for automation server to bypass 2FA for automation.

Need to add other servers, add to cron, then should be able to close this one out.

[oceanfabreeze]

Committed new hosts and postinstall.yml for ansible.

[oceanfabreeze]

Ansible updated. Just need to finish implementing duo.

[oceanfabreeze]

Duo implemented on all servers and vaultwarden. Might need to config for homebridge, but will add that to a separate issue.

[oceanfabreeze]

Reopening because this will need to be redone

[oceanfabreeze]

Login_Duo is configured on all current servers. Will need to have the ansible user bypass somehow once ansible is set up

[oceanfabreeze]

Duo should be configured properly from here on out. Closing.