Search results for query: hardening

  1. G

    Running EDR on PVE Host

    ...practically require a SIEM to detect malicious activity, because it’s just a user (e.g. apache) that runs code within its permitted bounds. SELinux and other hardening tools simply make it better defined what the boundaries for those users are, something that is likely sorely missing from Windows.
  2. J

    Running EDR on PVE Host

    ...and it should be treated as such. We harden all of our servers, and put security software on all of them; AV/EDR/XDR is not in lieu of hardening, it's as well as hardening. It's seen as defence in depth; admin accounts do get compromised and perhaps an AV/EDR agent will pick up malicious...
  3. J

    Running EDR on PVE Host

    ...list but his point still stands. Besides that, before one installs security software (no matter which), it's more important to do regular hardening of the Linux hosts, like reconfiguring ssh to allow only public key or certificate authentication, or other best practices of running Linux servers...
  4. N

    PVE with antivirus

    I am not convinced of the supreme benefit of adding an antivirus to a hypervisor; it is really more a question of ticking a box, yes. It can be F-Secure, ClamAV, or another one. I haven't seen any official statement from Proxmox on this subject, that's why I'm asking here - and I don't have...
  5. P

    PVE with antivirus

    ...you to believe you need antivirus on the host are probably the much bigger issue. If by “antivirus” you actually mean general security hardening or third-party security tools, they'd likely need to know which specific software you’re referring to. In that case, it would probably be best to...
  6. S

    Cannot execute PVE 9 "root-only" commands in QEMU monitor even with "root@pam" token

    Hi, Looks like some monitor commands are too powerful to expose via API tokens and it was intentional security hardening. But you can use supported API calls instead of qom-set, many device changes (CPU, memory, disk, network) now have official API endpoints. For example, virtio-mem resizing...
  7. G

    Why does proxmox-ve have a dependency on samba-common?

    ...directly (or indirectly) on Samba being present, even when CIFS/SMB storage is not configured or used. My Concern: From a security and hardening standpoint, it’s generally desirable to reduce the installed footprint and eliminate unnecessary network-exposed components. While Samba itself...
  8. D

    [SOLVED] Hardening SSH

    ...1 node but not on the other (it does ask for OTP but is not accepted) Now with allowing password login and allowing root both examples work with no problem. Could someone shine some light on this? Maybe suggest some other hardening? (Firewall is active and only allowing a few IPs) Many...
  9. B

    Proxmox VE on VPS, security

    ...to restrict. That is what I would consider the absolute baseline there. Beyond that, you can of course set up further SSH hardening plus access via VPNs. (WireGuard would be my personal recommendation there.) If the workload is to be exposed to the internet, it would...
  10. A

    Security: recommendations for going prod with pve

    That probably depends on your customers more than it does you. Having some exposure to the industry, I can tell you most studios will effectively give you their policies when you submit a vendor security questionnaire. "Proxmox" isn't really relevant in this conversation. Lynis produces a...
  11. D

    Security: recommendations for going prod with pve

    ...also for the helpful links, we will go through each of them and check everything. Additionally I would like to add that we also found this hardening guide, which seems to be helpful (and may help other readers here later on, too). Be aware we have still not verified it completely but we will work...
  12. J

    Security: recommendations for going prod with pve

    ...way around, I prefer your approach :) I remember some earlier discussions on this e.g. https://forum.proxmox.com/threads/proxmox-server-hardening-document-for-compliance.146961 or https://forum.proxmox.com/threads/proxmox-security-hardening.136924/ The search function will also yield some...
  13. D

    Security: recommendations for going prod with pve

    ...deployment of our Proxmox hypervisor, as we have experience with PVE, but not directly in production. We would like to know if additional hardening of the PVE hypervisor is necessary. From the outset, we opted for an immutable infrastructure and place value on quality and “doing it right and...
  14. F

    Custom CPU model with security fix

    Hello, Am I wrong to define a custom x86-64-v2-AES like that? in /etc/pve/virtual-guest/cpu-models.conf: cpu-model: my-x86-64-v2-AES flags +aes;+popcnt;+pni;+sse4.1;+sse4.2;+ssse3;+md-clear;+pcid;+spec-ctrl;+ssbd;+pdpe1gb reported-model qemu64 hidden 0 Goal is to...
  15. H

    Proxmox server hardening document for compliance

    Hi y’all, I’ve released a Proxmox hardening guide (PVE 8 / PBS 3) that extends the CIS Debian 12 benchmark with Proxmox specific tasks. Repo: https://github.com/HomeSecExplorer/Proxmox-Hardening-Guide A few controls are not yet validated and are marked accordingly. If you have a lab and can...
  16. D

    Acronis Backup-support for Proxmox is here, but...

    ...as it could expose the hypervisor to potential exploits. Is there a roadmap to address these security concerns, perhaps through enhanced hardening or isolation? Ideally, we’d love to see an appliance-based backup solution similar to what’s offered for VMware, or at least the option to...
  17. G

    Alpha Testing - GitHub repo open: Feature Proposal: Lightweight “SMB Gateway” Add‑on for Proxmox VE (GUI‑managed native/LXC/VM options)

    ...joining and authentication - **HA with CTDB**: High availability clustering - **Performance Monitoring**: Real-time metrics - **Security Hardening**: SMB protocol security ### ** Known Limitations** - VM mode requires manual template setup - AD integration needs real domain testing - HA...
  18. G

    Alpha Testing - GitHub repo open: Feature Proposal: Lightweight “SMB Gateway” Add‑on for Proxmox VE (GUI‑managed native/LXC/VM options)

    ...CTDB**: High availability clustering (needs multi-node testing) - **Performance Monitoring**: Real-time metrics collection - **Security Hardening**: SMB protocol security features ## **Key Benefits for Administrators** | **Traditional Method** | **SMB Gateway** | **Administrator Benefit** |...
  19. R

    How to "luks" without physical installation

    ...with any further configurations. I’ve read some articles recommending a single partition approach, such as this one: https://dustri.org/b/hardening-proxmox-against-physical-attacks.html. Additionally, I’ve come across many resources that suggest using full disk encryption combined with ZFS...