Search results for query: hardening

  1. fba

    pveproxy - is disabling tls or moving its port possible?

    ...put it in direct connection to the internet without additional protection, you will need to reconfigure it, to gain a reasonable level of security. If you want some common practice ideas, look here...
  2. J

    Ideas for getting started with Proxmox

    ...you can, by the way, lock down services even further, even if they do not run as containers: https://github.com/alegrey91/systemd-service-hardening https://www.linux-magazin.de/ausgaben/2021/11/systemd-analyze/ But before securing services, you should first make sure that only the stuff from...
  3. J

    Ideas for getting started with Proxmox

    ...this looks (just seen it for the first time) very detailed (exhaustive ;) ): https://trimstray.github.io/the-practical-linux-hardening-guide/ (1) AppArmor is easier to handle, SELinux is more developed on Redhat systems, you can only use one of the two, but also back and...
  4. L

    Question about LXC and security

    ...for example, that from the LXC lsblk shows me all PVE disks or that netdata shows all IO rates and much more. Are there any additional hardening steps to safeguard the PVE host? What are the risks for the host and the other VMs/LXC? Is a VM the better/only way to go? Thoughts and prayers...
  5. D

    Proxmox Built in Secret Manager

    ...deploying on and then applies these steps to the VM during the build. For the most part, these configurations include basic tasks like hardening the VM and installing Docker. However, I’ve encountered scenarios where I need to include secrets in the configuration for more complex...
  6. J

    Small Cloud Cluster design and strategy

    You would still need a solution for an offsite backup in case your datacenter ends up in fire like the OVH one in Straßburg. PBS allows to sync between PBS so that would be the road I would go (e.g. via a small server in your office)
  7. M

    Small Cloud Cluster design and strategy

    Thank you for the suggestion. I did not think of it. PBS would also be a much needed solution for backing up the cluster. I could order a second public IP to assign directly to my *sense VM. Now I just need to think about hardening security for hypervisor itself.
  8. H

    Working on hardening Proxmox hosts - looking for advice regarding some findings

    Hello Proxmox Community & Team, I am working through making a hardened baseline for my team's Proxmox deployment, loosely following CIS Lvl1/2 and DISA STIG requirements for Linux operating systems. I have made good progress, and have built out a hardened PVE cluster successfully that has...
  9. UdoB

    Suggestion: Forum section with frequently asked questions on Proxmox products

    Sure, I am just brainstorming. The difference between a compact FAQ and a broader knowledge base with snippets about all kinds of topics may be defined hard or soft. Yes. Again and again... Huh? I really do believe staff is appreciating your - and of several others of course - contributions...
  10. J

    Suggestion: Forum section with frequently asked questions on Proxmox products

    Well I don't really mean something like hardening since it's difficult to give generic advice for stuff which lies in the end in the responsibility of the administrator or software architect. To quote myself: The reason I started this thread, that today I saw two or three threads on the same...
  11. UdoB

    Suggestion: Forum section with frequently asked questions on Proxmox products

    ...are absolutely right. While there is the very fine reference documentation and the official wiki we just have no user-contributable “FAQ / Hardening / Best practice” documentation. The "natural" place would be the wiki under pve|pmg|pbs.proxmox.com, but probably that should really be left for...
  12. E

    Could PVE migrate vm without 'root' account

    Hi All, I have a question about pve vm migration. As my company has to take security hardening control on the PVE host, the PermitRootLogin setting in file '/etc/ssh/sshd_config' must be set to 'no'. By default, when pve is doing vm migration, the root account will ssh to the target pve host then...
  13. V

    [SOLVED] Issue with permissions in /etc after pct restore

    I found the solution! The issue was caused by a hardening setting I had applied, which modified the umask in /etc/bash.bashrc to 027 instead of the default 022. This stricter umask was setting more restrictive permissions during certain operations. After reverting the umask back to 022, the...
  14. itNGO

    Proxmox server hardening document for compliance

    Server still runs, but we are on only one server where Hardening is done.... long term prototype....
  15. F

    Proxmox server hardening document for compliance

    @itNGO, I also went for hardening with CIS Benchmark Debian 11/12, also benchmarked with Wazuh (sad that there is only the .yaml for the Family Linux). What is your experience? Did you get errors or problems? I do have about ~75% Score (no FW Settings right now, some are also false...
  16. J

    Security Hardening

    ...know or don't care about this and thus still use the less secure defaults. A sysadmin however can use systemd overrides for additional hardening, but he will have to do thorough testing to make sure that everything still works. Coming back to proxmox: Probably proxmox services could also be...
  17. E

    Educational Content

    This is NOT off-topic in the sense that people were asked to work for free (not by you, but in this thread) and then we got into the logic of supporting something else that supposedly provides other guarantees, but enterprise not switching over because features are missing. I simply quoted...
  18. t.lamprecht

    Educational Content

    ...with the part that hardened our TFA implementation became: https://bugzilla.proxmox.com/show_bug.cgi?id=4584 which is fixed and updated. The second one is a mere enhancement with more question open and a mediocre ROI, especially after the hardening was implemented, so it was put on the back...
  19. E

    Need guidelines for securing proxmox

    No: https://forum.proxmox.com/threads/should-an-official-proxmox-hardening-wiki-page-be-created.148732
  20. P

    Privacy of multiple users on one Proxmox machine

    Yes, my understanding of security hardening is very limited, otherwise I would not be asking these questions ;). But yes, you are right, you need 3 nodes ideally. However, I would like a system that when the servers at my house are down for reason x (e.g. fire, power outage, hardware failure)...