oceanfabreeze closed 1 year ago
Had to set transmission selinux to permissive to get radarr service started. Might wanna check up on that. Figure out how to keep VPN connected 100% of the time.
Also create a plex-specific account for the NAS:
- useradd plex
- /etc/fstab uid
Upgraded the RHEL boxes today. Duo became unresponsive and I can no longer ssh to the boxes. Trying to understand why.
pam_duo.so module no longer works for some reason. Duo release update maybe? Switching to login_duo.
Modify login_duo and sshd_conf and restart SSHD.
Duo is implemented on all servers but the NASes for now. Closing and creating new issues for the rest of the security items.
Spoke too soon. login_duo causes issues with ansible for some reason; we will have to revisit.
Plan right now is to use the ansible user to run the playbooks with an extremely long and complex password.
- Create ansible user on ClientServer
- Add to group wheel
- Change to hard password
- Fix visudo for passwordless sudo for wheel
Copy SSH Key for Ansible user on Automator -> ClientServer.
Hosts are then onboarded for automation server to bypass 2FA for automation.
Need to add other servers, add to cron, then should be able to close this one out.
Committed new hosts and postinstall.yml for ansible.
Ansible updated. Just need to finish implementing duo.
Duo implemented on all servers and vaultwarden. Might need to config for homebridge, but will add that to a separate issue.
Reopening because this will need to be redone.
Login_Duo is configured on all current servers. Will need to have the ansible user bypass somehow once ansible is set up.
Duo should be configured properly from here on out. Closing.
VLAN/Duo