Search results for query: hardening

  1. E

    Reverse Proxy config with nginx

    ...ssl_certificate /etc/ssl/wildcard.XXX.bundle.crt; ssl_certificate_key /etc/ssl/wildcard.XXX.key; include /etc/nginx/snippets/tls-hardening.conf; proxy_redirect off; location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade...
  2. W

    Harden PMG server

    Hello! I have a PMG cluster on 2 publicly available VPS servers and want to increase the security. I found this: https://github.com/killmasta93/tutorials/wiki/PMG-Harden Most of it makes the filter rules more advanced, but I am interested in the server itself. So one thing mentioned there, would...
  3. V

    GitLab LXC: can't upgrade to 13.8

    ...Expected process to exit with [0], but received '255' ---- Begin output of sysctl -e --system ---- STDOUT: * Applying /etc/sysctl.d/10-hardening.conf ... net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.conf.all.forwarding = 0...
  4. E

    PMG Hardening and Security, Email Security Testing Services

    16 of their emails with attachments like bot.exe.7z bot.exe.zip etc. etc. made it through PMG. Have you guys used any online services to test email security? https://trebuchet.gibthf.com/ every email from these guys came to my inbox. In general what do you recommend to secure your PMG...
  5. K

    Disable Password Auth

    Hi We are looking into hardening our PVE setup. Currently access to the web UI is fairly locked down with restrictive inbound firewall rules and 2FA for all users, including root@pam. We do however plan to update the SSH server configuration to disable password-based authentication entirely, so...
  6. E

    Proxmox Host and ufw firewall

    ...how a Proxmox host can be hardened with ufw. I understand that Proxmox has its own firewall, but I have an Ansible role which manages hardening etc. on all my servers and therefore would like to use ufw on my Proxmox host. However, as I tried to use it I saw that my LXC containers had massive...
  7. t.lamprecht

    proxmox host very slow, VM can not run

    Seems like it could be: https://bugzilla.kernel.org/show_bug.cgi?id=215943 for which a fix has been applied for the upcoming 6.1 kernel. We can look into how feasible it would be to backport it to current stable 5.15.
  8. H

    Bridge to VM guest not accessible from within guest.

    I figured this out. Embarrassingly, I had net.ipv4.icmp_echo_ignore_all set when I added some hardening settings. Normally I do that at the end, after everything is working.
  9. L

    LXC Container Upgrade to Bullseye - Slow Login and AppArmor Errors

    I've done some trial-and-error. For me, commenting out these two works: # ProtectProc=invisible # ProtectControlGroups=yes Warning: I don't have a clue, how this affects security. Maybe using nested is better (or worse).
  10. K

    My backup strategy involving files directly and rsync.net doesn't seem possible in ProxMox. How to solve it?

    ...thought it would be as simple as with VirtualBox's shared folders and Docker's volumes. But it's not at all. And I don't want to deal with hardening NFS just to expose the `backups` dataset's subdirs to each VM and CT. I could create a small backup disk for each VM/CT and have that stored on...
  11. Stoiko Ivanov

    PMG Failing Sync After Attempting Hardening

    pmg does not listen on port 587 in its default configuration (and does not offer SMTP-Auth, which is usually required there). If you're referring to https://github.com/killmasta93/tutorials/wiki/PMG-Harden#geoip - I don't see anything which would modify the postfix config regarding TLS there?
  12. K

    PMG Failing Sync After Attempting Hardening

    ...the PMG and the mail servers. I also confirmed this on MXToolbox with 587 appended to the URL. My only question now is, was part of the hardening process restricting non-encrypted SMTP? Or am I looking at another configuration issue? I don't see anything abundantly obvious that would...
  13. K

    PMG Failing Sync After Attempting Hardening

    ...everything's working as expected. What's strange to me is the PMG was working as intended and all checks were passing until I started the hardening procedure! Here's the output from 'pmgconfig dump': pmgconfig dump composed.wl_bounce_relays = pmg.localdomain dns.domain = localdomain...
  14. K

    PMG Failing Sync After Attempting Hardening

    Hey, all! I've been searching the forum for several hours (and the internet in general), and I'm not finding anything useful. I just moved from a SurgeMail/SurgeVault system to a conventional malfurious/postfix setup, and I incorporated a PMG into the mix to test things out. I haven't yet...
  15. E

    OpenSSH dropping RSA; Proxmox failing 'ssh'.

    ...OK, this is a bit much that needs turning off as I move toward the OpenSSH v9.0p1 while complying with various SSH hardening guidelines, of which the most thorny is “PermitRootLogin off”. so, I started creating and substituting “admin” account for root. I also have this whole other set of...
  16. T

    Proxmox Security Hardening Guidance?

    On a secondary note, I've always found these resources to be educational: https://github.com/decalage2/awesome-security-hardening/blob/master/README.md Cheers, Tmanok
  17. T

    Proxmox Security Hardening Guidance?

    Hi Everyone, Does anyone know of official publications or resources regarding security hardening of Proxmox projects? PVE, PBS, PMG, client tools, etc... There seems to be a lack of documentation on the matter and I'm interested in seeing it pursued. I'm sure that a lot could be pulled from...
  18. oguz

    Proxmox VE - fine tuning

    hi, Proxmox VE :) the default installation comes with a relatively small set of packages anyway. other "big" packages such as ceph and so on are opt-in. what kind of packages would you like to remove from the default installation? you can get a list of the installed packages with dpkg -l >...
  19. I

    Proxmox & isp modem without a router

    I am pretty much done with my setup and now working on hardening the firewall. My setup has only two bridges, but you can extend it as required. vmbr1 - Upstream for Internet ( WAN ) vmbr2 - Downstream for LAN I am routing my LAN traffic to vmbr1 - which forwards it to Internet. Followed the...
  20. I

    Proxmox VE - fine tuning

    Hi, are there any best practices to fine-tune Proxmox VE, remove unwanted packages, hardening, and how to keep the setup lightweight? Please suggest. Thanks in advance.