Search results for query: hardening

  1. M

    PDM install notes slightly askew

    ...on top of Debian that yields secure boot issues. Pretty much, if you perform a Debian install with custom partitioning with a nod to hardening compliance on partitions then install PBS, it breaks unless you revert to the Debian shim/grub. PBS doesn't (didn't?) force a custom kernel install but...
  2. W

    [ANN] bzfs 1.18.0 near real-time ZFS replication tool is out

    ...of snapshots, especially the timely pruning of snapshots (not just the timely creation and replication of the latest snapshots). Also added security hardening and running without ssh configuration files. Details are in the changelog: https://github.com/whoschek/bzfs/blob/main/CHANGELOG.md
  3. M

    Proxmox over WIFI (WLAN)

    ...ExecStart=/usr/local/bin/network-failover.sh StandardOutput=journal StandardError=journal SyslogIdentifier=network-failover # Security hardening PrivateTmp=yes NoNewPrivileges=false ProtectSystem=full ProtectHome=yes [Install] WantedBy=multi-user.target...
  4. P

    Windows Server 2025 → considering a migration to Proxmox VE

    ...Directory stack again. With Proxmox, I’m mainly looking for: a minimal and stable hypervisor layer, independent from Windows patching, hardening and role changes simple snapshot / rollback and bare-metal recovery workflows a clearer separation between infrastructure services (AD / DNS /...
  5. P

    Windows Server 2025 → considering a migration to Proxmox VE

    ...services not starting after reboot (e.g. Defender) Malfunctions in services relying on COM / DCOM (e.g. Active Image Protector) Security hardening automatically applied by AD DS affecting applications not designed to run on a DC System restore difficulties (drivers / storage) despite valid...
  6. P

    Proxmox VE 9.1.1 with only a single ipv4, trying to make a NAT v4 for my VM/LXC containers

    ...= 1 net.ipv4.conf.all.log_martians = 1 net.ipv4.conf.default.log_martians = 1 net.ipv4.tcp_rfc1337 = 1 # Kernel hardening kernel.randomize_va_space = 2 kernel.kptr_restrict = 1 fs.suid_dumpable = 0 kernel.core_uses_pid = 1 # Disable IPv6 net.ipv6.conf.all.disable_ipv6 = 1...
  7. R

    CIS - Ensure SUID and SGID files are reviewed

    Hello, As part of Proxmox Hardening I need to review the below binaries and make sure that SUID or SGID permissions are required. These were listed by some Debian 13 hardening audit script (https://github.com/ovh/debian-cis/tree/master | 6.1.13_find_suid_files.sh & 6.1.14_find_sgid_files.sh)...
  8. H

    Security: recommendations for going prod with pve

    @doitright Hey! Just checking in. You mentioned you found my Proxmox hardening guide and planned to work through it. Also, thanks for sharing it in the thread. Did you end up implementing it (fully or partially)? If you did, I’d love to hear: - what worked well / what didn’t - anything that...
  9. H

    Proxmox server hardening document for compliance

    Hi y’all, I’ve updated my Proxmox hardening guide, it now includes PVE 9 and PBS 4, in addition to PVE 8 and PBS 3. It continues to extend the CIS Debian benchmark with Proxmox specific hardening tasks. Repo: https://github.com/HomeSecExplorer/Proxmox-Hardening-Guide A few controls are not...
  10. H

    Proxmox hardening - Proxmox iso vs Debian iso?

    Hi all, author of the hardening guide here. Thanks for bringing this up and sorry for seeing this post so late. Quick clarification, my guide is not saying you cannot or should not use the Proxmox ISO. Maybe I have to adjust the wording there more clearly? For most setups, the Proxmox ISO is...
  11. B

    Proxmox server hardening document for compliance

    Hello, We recently documented and automated a basic Proxmox VE 9.1 hardening baseline to support audit and compliance discussions. The repository focuses on: - Proxmox VE host-level hardening (management plane) - Minimal and graduated controls influenced by CIS Debian guidance and official...
  12. T

    Cyber Monitoring tools on ProxMox host?

    ...-> r:^640 root shadow$" compliance: - cis: "6.1.5" # ------------------------------------------------------------ # SSH HARDENING (PROXMOX-SAFE) # ------------------------------------------------------------ - id: 91020 title: Ensure SSH root login is disabled...
  13. P

    How to get multiply VLAN to work with Proxmox?

    ...easy access to other systems. It’s the same principle as using AppArmor, which confines applications to a defined set of resources via policy profiles to limit what files, capabilities, and system functions they can access. Overall, it’s about hardening both the network and application access.
  14. P

    Proxmox hardening - Proxmox iso vs Debian iso?

    This is most likely because, as far as I know, Proxmox is not designed for multi-tenancy, and it’s also not really supported in that sense, at least not multi-tenancy as VPS providers like Hetzner, DigitalOcean, or Linode implement it with full self-service portals, strict tenant isolation, etc...
  15. C

    Proxmox hardening - Proxmox iso vs Debian iso?

    ...to perform compliance scans. For Proxmox there is no official benchmark available. We have to basically build a benchmark ourselves, probably based on the Debian hardening guide and other online information about Proxmox specifics. This should be something we expect from the vendor, Proxmox.
  16. J

    Proxmox hardening - Proxmox iso vs Debian iso?

    ...problem I helped to solve. This is also annoying for people who also stumble over this thread and might be interested whether their problem is similar to yours. So: Which goal do you want to achieve by hardening? Ticking a box in an audit? Protection against a certain threat (if yes, which...
  17. P

    Proxmox hardening - Proxmox iso vs Debian iso?

    ...to satisfy these specific benchmarks. Assuming that the Proxmox ISO is unusable in a production environment solely based on some online hardening guide you stumbled over is, in my opinion, a bit of a stretch. As Johannes already said, blindly ticking boxes whose implications you don’t fully...
  18. J

    Proxmox hardening - Proxmox iso vs Debian iso?

    It was discussed in the past, did you already search the forums for it? https://forum.proxmox.com/search/8806046/?q=hardening&o=date Following threads I would consider quite helpful: https://forum.proxmox.com/threads/security-recommendations-for-going-prod-with-pve.172987/...
  19. C

    Proxmox hardening - Proxmox iso vs Debian iso?

    Hello, I'm looking into hardening Proxmox VE. Unfortunately, there are no official baselines yet for Proxmox, so I'm using the information I can find online and in the Proxmox communities. I came across the following hardening guide...
  20. fiona

    Error When Live Migrating VM

    ...of the patch got applied with qemu-server = 9.1.2 which is currently available in the pve-test repository, so it would be great if you could test with that instead! While the early version of the patch should also work, the applied one is a slightly nicer approach and also adds a bit of...