Skip to content

2025

  • 6 min read

RHEL 9 V2R5 Changes

It's that time again! These are my notes from examining a diff between V2R4 and V2R5. I always write one of these summaries when I get my hands on the new release of the STIG so I know where to spend my time when updating automation content like Ansible Playbooks, Anaconda kickstart files, etc. Unfortunately, there is more fluff than there is substance in this release, and it is riddled with errors. I get the feeling that people rotate in and out of whatever office actually writes the content, and things like consulting the man pages for various features is something that happens as an afterthought, if at all.

  • 5 min read

Remediating RHEL-09-431016

I get a lot of questions about how to remediate RHEL-09-431016. People report issues like sudo or SSH no longer working afterwards. I was discussing this with my partner in crime, and we ultimately came to the conclusion that unless you really know the RHEL product or you were intimately familiar with the RHEL 7 STIG you would never know that there are a couple of missing links in the process for making RHEL-09-431016 work properly. We had to learn these things the hard way by watching test systems brick over the years, so keep in mind these are lessons we learned back with RHEL 7 and carried forward because not only would we have consistent baselines between generations, but we genuinely believed that the STIG would eventually catch up because these controls are necessary in the context of RHEL-09-431016. You'll see some of that reflected in the Ansible task naming included in this post where we carried forward two critical controls that enable RHEL-09-431016 to function without bricking the system.

  • 2 min read

Where did the time go?

I have been a busy bee. I started this little project in 2023, got busy, and then forgot about it. I originally started this blog on a hosted Wordpress site. I am not impressed with my former host. I am not particularly amused with the antics going around with Wordpress, nevermind that it's a nightmare to manage and maintain.

I finally got around to shutting down the old blog, turning off anything resembling an automatic renewal, and harvesting the content for re-publishing.