Kurgan's latest activity

  • there are actually multiple checksums. chunks contain a CRC (verified on each read of the chunk) and have a digest (that the chunk is referenced by). both are calculated on the client side, the CRC is verified by the server upon upload, the...
  • Kurgan replied to the thread [SOLVED] Ransomware protection?.
    About backup encryption abuse, see this: https://forum.proxmox.com/threads/verification-of-encryption-integrity.168204/
  • Kurgan replied to the thread [SOLVED] Ransomware protection?.
    Of course I have offline backups, a management network that's not the same as the users network, restricted access (you need a vpn to access the management from the LAN), etc. Still I'm thinking of the issues if someone somehow becomes root on...
  • Thanks a lot for the explanation, it's very clear and I like the fact that this protects the best part of the backup chain of hardware and software. This means that if the PVE host does not corrupt data, then any further corruption, even in the...
  • It is (first) calculated on PVE. Then this checksum is transmitted to PBS - only the checksum, no data. If a chunk with that checksum already exists on PBS then some references are updated to reflect this new backup. Only if that checksum is...
  • I'm looking for information I cannot find. When a backup is made to PBS, I understand that all the blocks have a hash that allows for integrity checks to be done later, and they indeed are done on the PBS host multiple times. (there is a...
  • Setting an alert on the PBS side is indeed a good idea. If the threat actor has compromised the PVE server (the host, I mean) but for some reason not the PBS server, then we can get an alert for this anomaly in the backup chain. While I'm sure...
  • Kurgan reacted to prcek's post in the thread Verification of encryption integrity with Like.
    If we set threshold-based warnings on the PBS side, then the threshold value will only be known to the PBS administrator. It certainly makes no sense to substitute the role of SIEM, so IMHO I consider threshold-based warnings to be sufficient...
  • Kurgan reacted to prcek's post in the thread Verification of encryption integrity with Like.
    Hi folks, I tested changing the encryption key for PBS backups. Unfortunately, the backup job and verification job did not notify me that the key had been changed. This is the behavior of PVE/PBS as I understand it from the documentation. No...
  • Hello, I'm encountering a persistent issue when trying to restore a host backup made with proxmox-backup-client. While the backup verification process completes successfully and I can mount the backup without any apparent issues, the restore...
  • This is a performance tester for datastores of your PBS. -> Intended before you setup a production PBS. <- apt-get update apt-get install git git clone https://github.com/egandro/pbs-storage-perf-test.git cd pbs-storage-perf-test # replace...
  • Is anybody interested in extending the test for the new virtiofs feature? I really wonder how this performs. e.g. smb share on proxmox -> virtiofs sharing -> pbs VM and mounting that as storage path ... "because it's 1) there and 2) it's...
  • Kurgan reacted to SnejPro's post in the thread IPv6-address on all interfaces with Like.
    Hi, I have a proxmox-machine with six NICs, each with its vmbr. I have set IPv4/6-addresses only on one vmbr because this is the managing vmbr. The other NICs/vmbrs are only for VMs with different networks. IPv4: Everything worked as expected...
  • Kurgan replied to the thread IPv6-address on all interfaces.
    Sorry for picking up this thread after a long time, but I have just had the same issue. I have noticed that the "VM only" bridges, that I do not intend to be used to reach the PVE host itself, have a link local v6 address and that I can actually...
  • Kurgan reacted to SnejPro's post in the thread IPv6-address on all interfaces with Like.
    No, all interfaces got IPv6-Addresses via Router Advertisement. And the hypervisor should not be reachable in all subnets he is providing for the VMs. Yes, using the firewall is a possible solution. But I feel better when the hypervisor only gets...
  • Kurgan replied to the thread Updated to 8.2 - DMA error.
    It seems that the HP microserver gen8 is really becoming obsolete. Max RAM is only 16 GB and every day we find more issues...
  • Kurgan reacted to jrl_1644's post in the thread Updated to 8.2 - DMA error with Like.
    I am running the gen 8 with HP P420 HBA, with proxmox 9 (Debian 13 Trixie). I just came across this because I was getting the same error. I did the grub changes suggested above, and have not seen the issue so far within 1 hour and over 3 terabytes of...
  • Kurgan replied to the thread Updated to 8.2 - DMA error.
    This is interesting indeed, please keep us informed. Did it run smoothly on Debian 11?
  • Kurgan reacted to CDuv's post in the thread Updated to 8.2 - DMA error with Like.
    I also have an HPE ProLiant MicroServer Gen8 (with E3-1220L V2): it's not running Proxmox (yet) but I've been testing this hardware using vanilla Debian 12.11 (kernel v6.1.140-1). OS is installed on a dedicated HDD connected to the B120i...
  • you should have just put safety pins in your neck and gone with it! Now that my migration is done, I found what seems to be a really good Linux tutorial and have started working my way through that. The lawn can wait...