Build a post-patch Linux verification CSV with Ansible
A practical RHEL-family workflow for using Ansible to collect host, kernel, package, restart debt, deleted library mappings, and listening service evidence into a CSV after a patch window.
Patch windows, CVE queues, service restarts, reboot debt, exposed ports, compliance evidence, and the messy gap between “updated” and “fixed.”
Package managers show what changed on disk. They do not always show whether long-running services still have old libraries mapped in memory, or whether a host is still booted into the vulnerable kernel.
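The deleted-library check described above, as an added example that is not code from the original page: it parses text in `/proc/<pid>/maps` format and emits one CSV row per shared library that a process still has mapped after the file was replaced on disk. The sample maps text, the host name, and the function and column names are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample in /proc/<pid>/maps format (not taken from a real host).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a2c000 r-xp 00000000 fd:00 131090 /usr/sbin/sshd
7f3a1c000000-7f3a1c1d0000 r-xp 00000000 fd:00 262155 /usr/lib64/libcrypto.so.1.1.1k (deleted)
7f3a1c1d0000-7f3a1c3cf000 ---p 001d0000 fd:00 262155 /usr/lib64/libcrypto.so.1.1.1k (deleted)
7f3a1c400000-7f3a1c41a000 r-xp 00000000 fd:00 262170 /usr/lib64/libz.so.1.2.11
7f3a1c600000-7f3a1c601000 rw-s 00000000 00:01 4096 /memfd:scratch (deleted)
7f3a1c700000-7f3a1c721000 rw-p 00000000 00:00 0
7ffd5a3e0000-7ffd5a401000 rw-p 00000000 00:00 0 [stack]
"""

# Matches libfoo.so and versioned names such as libfoo.so.1.1.1k
LIB_RE = re.compile(r"\.so(\.[0-9A-Za-z_.-]+)?$")
DELETED = " (deleted)"


def deleted_libs(maps_text):
    """Return sorted unique shared libraries still mapped but unlinked on disk."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # the path is field 6 and may contain spaces
        if len(fields) < 6 or not fields[5].endswith(DELETED):
            continue  # anonymous mapping, or file still present on disk
        path = fields[5][: -len(DELETED)]
        if LIB_RE.search(path):  # skips memfd/shm files that are deleted by design
            found.add(path)
    return sorted(found)


def restart_debt_csv(host, pid, process, maps_text):
    """Render a header plus one CSV row per stale library for a single process."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["host", "pid", "process", "deleted_library"])
    for lib in deleted_libs(maps_text):
        writer.writerow([host, pid, process, lib])
    return out.getvalue()


if __name__ == "__main__":
    print(restart_debt_csv("web01.example", 1234, "sshd", SAMPLE_MAPS), end="")
```

On a live host the input is the content of `/proc/<pid>/maps`, which requires root to read for processes owned by other users.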