SELinux revision note

Today, I decided to have a quick revision on SELinux, as it’s been a long while since I worked on any projects that required me to fiddle with SELinux. While I was looking for an sealert in /var/log/messages on my Fedora-based desktop, I found a real issue that I need to fix. As with most of my blog posts, I’d like to start writing the post while I am about to solve the issue. ...

July 20, 2024 · 3 min · 510 words · kenno

How to test UDP port connectivity

Earlier today, I needed to check for an open UDP port on a remote Linux server. And I felt blank in my brain, like I had never done this before. Then I remembered that with TCP, I could use the nc command to check it. Something like:

    ➜ nc -vz opnsense 22
    Ncat: Version 7.92 ( https://nmap.org/ncat )
    Ncat: Connection to 2400:a888:333:0:222:ffff:fe54:67de failed: TIMEOUT.
    Ncat: Trying next address...
    Ncat: Connection to 192.168.1.1 failed: TIMEOUT.
    Ncat: Trying next address...
    Ncat: TIMEOUT.

The above output indicates that there is a failed connection from my computer to the remote host ‘opnsense’ on port 22. ...

July 17, 2024 · 3 min · 495 words · kenno

Axum custom request extractor and validator using FromRequest

This post documents what I learned about creating a custom Axum extractor which can be used with the validator crate for validation.

Create a new test project:

    ➜ cargo new request-validator
    cd request-validator

The first crate to be added is axum, for the Axum framework.

    request-validator on  main [?] via 🦀 v1.79.0
    ➜ cargo add axum
        Updating crates.io index
          Adding axum v0.7.5 to dependencies
                 Features:
                 + form
                 + http1
                 + json
                 + matched-path
                 + original-uri
                 + query
                 + tokio
                 + tower-log
                 + tracing
                 - __private_docs
                 - http2
                 - macros
                 - multipart
                 - ws
        Updating crates.io index
         Locking 82 packages to latest compatible versions
    ...

We also need the tokio crate, which works together with axum. ...

July 12, 2024 · 5 min · 988 words · kenno

How to force kill a Podman container

There is a container that I cannot stop. TL;DR the solution that worked for me was rebooting the host system. Anyhow, I’ll share the troubleshooting steps that did not work.

    ❯ podman stop semaphore-postgres
    WARN[0010] StopSignal SIGINT failed to stop container semaphore-postgres in 10 seconds, resorting to SIGKILL
    Error: given PID did not die within timeout
    ❯ podman ps -a | grep semaphore-postgres
    a688a42c4c15 docker.io/library/postgres:16 postgres 17 minutes ago Stopping 0.0.0.0:3000->3000/tcp semaphore-postgres

Instead of “If at first you can’t stop a container, try, try again”, can we just kill it? ...

July 7, 2024 · 2 min · 305 words · kenno

How to find instance Id from the instance metadata

For instances which use version 2 of instance metadata, IMDSv2, run the following 2 commands:

    [ec2-user@ip-172-31-45-35 ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
    [ec2-user@ip-172-31-45-35 ~]$ curl -w "\n" -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id
    i-04bd6066612345678

If you use IMDSv1, then there is no need to generate the TOKEN value first, just query the instance-id directly:

    [ec2-user@ip-172-31-45-35 ~]$ curl -w "\n" http://169.254.169.254/latest/meta-data/instance-id

In my case, it returned nothing as my EC2 instances use IMDSv2.

Oh, by the way, are you aware of the -w or --write-out flag for curl? It’s pretty cool, you can use it to inject a newline character, e.g. "\n", at the end of the output from the curl command.

July 7, 2024 · 1 min · 108 words · kenno