Search results for query: hardening

  1. Daniel-Doggy

    [SOLVED] Where to add post backup script to scheduled backup?

    ...(Unless the web GUI backup log output does not show the full log.) For the filesystem I use the following: And as far as I know I do not have any extra security hardening that is not included by proxmox VE itself. And I managed to find this in the journal but it is not really any more...
  2. S

    Installing "lsb-release" on Proxmox afterwards

    ...want to do the same. Nevertheless, you must not forget that a SIEM ultimately does not fend off any attacks, so you should also not forget the hardening of your infrastructure and should also make sure the SIEM agent uses encrypted communication. On the topic of lsb_release itself...
  3. R

    Proxmox 8 - Luks Encryption question

    ...of all, if necessary. I can't quite get on with the instructions. I have found another possibility here, can I do this with an existing installation? Same parameters as above. Is this still possible? https://dustri.org/b/hardening-proxmox-against-physical-attacks.html What would you...
  4. LnxBil

    proxmox security hardening

    Please look that forum, this question is asked multiple times: https://forum.proxmox.com/threads/hardening-proxmox-security-best-practises.19286/ https://forum.proxmox.com/threads/server-hardening-please-audit-my-setup.127446/...
  5. powersupport

    proxmox security hardening

    We will need to implement Proxmox security hardening. May I know what are the available standards or methods to do Proxmox hardening?
  6. fiona

    execvp /usr/bin/proxmox-mail-forward: Permission denied

    Hi, just a guess, but did you install/configure any security hardening features that might restrict execution of setuid binaries or the nobody user?
  7. D

    Security Hardening

    ...Ransomware attacks on vSphere ESXi Hypervisors and are very concerned about Proxmox being targeted too. We are planning on doing the hardening of Proxmox hosts and implementing a security audit using lynis. During the course of this audit I am sure to hit many roadblocks and will seek help...
  8. L

    What is the server hardening strategy when I use SSH tunneling?

    ...I have disabled all outside ports and connections, except for access via SSH tunneling. In this way, what is my strategy for server hardening? My setup: - disabled root login - use ssh keys instead of password - do not change the default SSH port, because I do not accept connections apart...
  9. F

    Move io_uring from default (important)

    Hi. Don't take this personally to you. I just mentioned the meltdown as an example of a problem that most people didn't know about. The fact your scenario working doesn't mean have no bugs. Again is not an adequate response. This does not change the io_uring problems with other people. If you...
  10. M

    Move io_uring from default (important)

    ...NO * Kernel is compiled with IBPB support: YES * IBPB enabled and active: YES * Mitigation 2 * Kernel has branch predictor hardening (arm): NO * Kernel compiled with retpoline option: YES * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline...
  11. H

    Optimal and safe usage of static, public IPs (help)

    ...TCP/UDP port, and probably every other protocol out there). My questions are all in regards to inherent optimal security and firewall hardening and are as follows: 1. Should I use a virtual interface for this or should I use PCIe passthrough and IOMMU for the NICS to pfSense? My other...
  12. leesteken

    CVE-2017-5715 vulnerability

    You cannot fix it, but the Proxmox Linux kernel is mitigating the problem using various techniques to keep you safe. If you want hardware that is not vulnerable (out of the box without mitigations) you need to buy other hardware. However, I don't think there is any modern system that is...
  13. H

    CVE-2017-5715 vulnerability

    ...only) * Kernel is compiled with IBPB support: YES * IBPB enabled and active: YES * Mitigation 2 * Kernel has branch predictor hardening (arm): NO * Kernel compiled with retpoline option: YES > STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB is needed to mitigate the...
  14. R

    Server hardening: please audit my setup.

    Hello, I always use Ubuntu Server, but at the moment I need a VM. Below is my current setup for a secure Proxmox. What else should I add? - Keep system up-to-date -- Update and upgrade the system -- Enable automatic security updates - Secure SSH access & user account security --...
  15. B

    Is anyone here actually running kubernetes on their LXC containers?

    ...thread and helped me get k3s running on unprivileged LXC containers with saltstack. I further complicated the install by following the CIS hardening guidelines and HA etcd guides. I am still working on it at the moment. tabnul's comments about too many permissions and it being difficult and...
  16. L

    Has PBS or PVE transfer rate issues?

    vzdump uses the qemu monitor command API for backing up, I think, so the reading backup transfer rate depends on the VM load and on the host load. Can the high vzdump transfer rate compromise the disk I/O by hardening I/O wait?
  17. Dunuin

    [TUTORIAL] If you are new to PVE, read this first; it might assist you with choices as you start your journey

    ...key authentication, firewall, end-to-end encryption, VPN, reverse proxy, ACME certs, 2FA, DMZ, intrusion detection, backups, security hardening, ... parts because that would go really into the details and you don't want to overwhelm the readers. Then they will only do the limited stuff you...
  18. J

    Live migration fails channel 2: open failed: connect failed: open failed

    I found the issue, earlier this year we rolled out an SSH hardening that set AllowTcpForwarding to no. Now that I changed this value to yes the migration works again. thanks all for helping!
  19. N

    Convert to template when using shared storage failing

    ...further, it doesn't appear that I'll ever be able to chattr over a NAS share...at least not with how Synology is configured from a system-hardening perspective...and it makes sense. There is no direct root access, for good reason, without a privilege escalation...which is required for chattr...
  20. X

    Is it safe to expose spiceproxy to the internet? Any tips on hardening?

    ...works quite well from the outside of my network. Any word on how secure it is running the spiceproxy exposed this way? According to the description, it runs with very limited privileges, but I'm still concerned. Any other ideas on how I could go about hardening it in this particular case...