Search results for query: hardening

Hi We are looking into hardening our infrastructure to better handle outages due to network or hardware failtures. We use OVH dedicated physical servers for our infrastructure and currently have 3 node PVE cluster. This cluster is currently configured with 2x4TB nVME drives per node, with one of...

...and Proxmox looks like a superior setup. I've created a container with Nextcloud as a turnkey install and I followed some tutorials on hardening the Proxmox through firewall policies. I've also installed nginx to handle port 443 but not 80 as that needs to be used for lets encrypt. As far as...

...-p is which port you need ssh access in case it's different from the default port 22. 8006 is the port you need to forward for the GUI, I then secure this with an encrypted random key. further, you can secure the ssh server by modifying the sshd_config for further hardening. Hope it helps...

I have been looking for the best way to encrypt the Proxmox boot drive (one that is not using a hardware RAID setup). From what I have seen the most common way of doing this is over a Debian install with LUKS encryption. I have also found this method. Is there any advantage using one method over...

Herr Jesus, endlich habe ich eine Lösung für dieses Problem gefunden. Auch ich nutze die ssh-hardening Rolle und bin schon fast verrückt geworden. Danke, danke, danke @mlohr!

Is there any disadvantage in using this method over a LUKS encrypted Debian install?

You can generally look for Debian hardening because that is what is running underneath. The LXC chapter of the PVE administration guide has a couple of words about AppArmor.

...(Sorry that this is only available in German) There are basically the following hardening recommendations: Disable KSM can be easily done since 4.x Enabling a Mandatory Access Control (for Debian AppArmor) and confine each VM with a separate AppArmor profile. In the setup they investigated...

ah yes thanks I can confirm it works fine in another browser, but not in a private window of same browser. Must be one of my browser hardening settings thats breaking it though I could not find out which (no addon seems responsible), so I guess I will have to live with that

Hello, Is this only for a fresh install of Proxmox? I only as because I did some server hardening and installed fail2ban. When I tried to install letsencrypt, it will not let me. I am assuming it pertains to something done in post-install? I appreciate any input you can provide. Robert

I have not yet used Docker for services like Plex and NextCloud, but quite a few others, and my experience is that any individualized changes and setup are always stored in config files which are not part the container itself. Isn't that kind of the whole point of docker containers? It is then...

...I don't need to individualize anything. Nextcloud and Plex are things I never would want to be dockerized. There are so much tutorials on hardening security and optimizing performance of Nextcloud by using OPcache + Redis as Cache, optimizing MySQL, optimizing PHP FPM, auto creating SSL...

...above is ZFS my best option? I would like security and I am not extremely worried about privacy. Does anybody have any good tutorials on hardening Proxmox after the initial install and setup of disks, networks/VMs and base software? I have watched and read pros/cons of using RAM without...

I am looking for somt guidance to make my installation of proxmox more "secure" and resilient . I have a cluster of 3 machines with each 2 10G ports. Storage is managed via a NAS connected through a 10 GB port (it also has 2 1GB port) All the machines are connected to a 10G switch I have...

glad that you solved yourself, please mark the thread as [SOLVED] to help other people who have the same problem Thanks! we use: GET, POST, PUT, DELETE.

Found it. We had a hardening on our nginx reverse proxy that got activated with the last reboot. This is the cause: add_header Allow "GET, POST, HEAD" always; if ( $request_method !~ ^(GET|POST|HEAD)$ ) { return 444; } May I ask what additional HTTP method we need to include? Thanks!

Hi, Could you please help me, i get much incoming SPAM, there are any best way to handle SPAM ? like Hardening or tuning any configuration on PMG ? Also i have question about Mail Filter, i have rule like this : - Rules Name : Allow Spam ( Level 0 ) - Action Object : Accept & Modify SPam...

...but changing - especially for management pruposes - vlan 1 to something else is considered best practice and mentioned in probably every hardening guide. I'm also certain you can change the vlan in your USG. So, if your server has multiple NICs then you can just bind them to separated vmbrs...

I remember, I had both on my list too, but F-Secure I mean to remember was also expensive and Eset was one of the solutions, which looked fine, but not official supported any more, you just can find "old" deep links. Dr.Web only looked to be affordable, demonized and still supported, however, I...

Thank you for posting. To be honest your posts regarding hardening PMG where in great help. Yes, we have a integrated servers/client av solution, but it's always good idea to have a second / and diferent/ mail check . As you said , most solutions /gateways/ are paid per user and the the...