Search results for query: hardening

You can generally look for Debian hardening because that is what is running underneath. The LXC chapter of the PVE administration guide has a couple of words about AppArmor.

...(Sorry that this is only available in German) There are basically the following hardening recommendations: Disable KSM can be easily done since 4.x Enabling a Mandatory Access Control (for Debian AppArmor) and confine each VM with a separate AppArmor profile. In the setup they investigated...

ah yes thanks I can confirm it works fine in another browser, but not in a private window of same browser. Must be one of my browser hardening settings thats breaking it though I could not find out which (no addon seems responsible), so I guess I will have to live with that

Hello, Is this only for a fresh install of Proxmox? I only as because I did some server hardening and installed fail2ban. When I tried to install letsencrypt, it will not let me. I am assuming it pertains to something done in post-install? I appreciate any input you can provide. Robert

I have not yet used Docker for services like Plex and NextCloud, but quite a few others, and my experience is that any individualized changes and setup are always stored in config files which are not part the container itself. Isn't that kind of the whole point of docker containers? It is then...

...I don't need to individualize anything. Nextcloud and Plex are things I never would want to be dockerized. There are so much tutorials on hardening security and optimizing performance of Nextcloud by using OPcache + Redis as Cache, optimizing MySQL, optimizing PHP FPM, auto creating SSL...

...above is ZFS my best option? I would like security and I am not extremely worried about privacy. Does anybody have any good tutorials on hardening Proxmox after the initial install and setup of disks, networks/VMs and base software? I have watched and read pros/cons of using RAM without...

I am looking for somt guidance to make my installation of proxmox more "secure" and resilient . I have a cluster of 3 machines with each 2 10G ports. Storage is managed via a NAS connected through a 10 GB port (it also has 2 1GB port) All the machines are connected to a 10G switch I have...

glad that you solved yourself, please mark the thread as [SOLVED] to help other people who have the same problem Thanks! we use: GET, POST, PUT, DELETE.

Found it. We had a hardening on our nginx reverse proxy that got activated with the last reboot. This is the cause: add_header Allow "GET, POST, HEAD" always; if ( $request_method !~ ^(GET|POST|HEAD)$ ) { return 444; } May I ask what additional HTTP method we need to include? Thanks!

Hi, Could you please help me, i get much incoming SPAM, there are any best way to handle SPAM ? like Hardening or tuning any configuration on PMG ? Also i have question about Mail Filter, i have rule like this : - Rules Name : Allow Spam ( Level 0 ) - Action Object : Accept & Modify SPam...

...but changing - especially for management pruposes - vlan 1 to something else is considered best practice and mentioned in probably every hardening guide. I'm also certain you can change the vlan in your USG. So, if your server has multiple NICs then you can just bind them to separated vmbrs...

I remember, I had both on my list too, but F-Secure I mean to remember was also expensive and Eset was one of the solutions, which looked fine, but not official supported any more, you just can find "old" deep links. Dr.Web only looked to be affordable, demonized and still supported, however, I...

Thank you for posting. To be honest your posts regarding hardening PMG where in great help. Yes, we have a integrated servers/client av solution, but it's always good idea to have a second / and diferent/ mail check . As you said , most solutions /gateways/ are paid per user and the the...

...ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ # An alternative list with additional directives can be obtained from #...

...ich es endlich gefunden. Unsere Server werden mit ansible konfiguriert. Darüber wird u.A. die SSH-Verbindung mittels der Rolle dev-sec.ssh-hardening abgesichert. Dadurch wurde tatsächlich die Variable nicht mehr übertragen - und sogar an zwei Stellen gefiltert: In der /etc/ssh/ssh_config...

..."Note:" field where we can type free-form notes, like "Fresh CT Creation" "Latest Updates Applied" "Permission Tweaks" "Security and Hardening Applied" "Test config with special settings" "Trying out pkg XYZ with ABC options" and so on.... A helpful way to identify what's actually in each...

Ich komme gerade (von unterwegs) nicht auf die Maschine drauf, habe da aber einen Verdacht. Wir verwenden ein Ansible-Playbook für SSH-Hardening - welches massiv in die sshd_config eingreift. Da hätte ich selbts drauf kommen müssen, dass das an der Stelle knirschen kann. Allerdings ist die...

Hello. I was following some general security/hardening guides for Proxmox. As general Linux best practice, I disabled the root account and created a new 'administrative' account. The account works fine. However, the auto-shell login in the Proxmox GUI is tied to the root account. How do I setup...

...SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ # An alternative list with additional directives can be obtained from #...