Search results for query: hardening

...admin users that can use sudo? Is this all done manually? Maybe add TOTP to local admin users, too Restrict SSH even more, e.g. via this hardening guide. SSH only from management lan via SSH config or via Firewall? This is not very clear in the document. SIEM is good, but AFAIK there is no...

A real quick question guys. I have a few containers exposed and I want to be able to protect them as best as I can. At the gateway is NPM and then LXC and vm's. So is hardening the Proxmox firewall sufficient or is it recommended to have something between the NPM and the containers?

Hello, I need boot order has working in mode EFI for a mode deployment OS with automatication by WDS full . For post-installation, i was requiered to switch boot order Net by Disk. Required Fix please.

...v4 and add repack options. * d/copyright: Convert to machine-readable format, adding missing info. Closes: #1024602. * Enable all hardening flags (Christian Göttsche). Closes: #1021082. * Fix build on musl (Helmut Grohne). Closes: #1023053. -- Matthias Klose <doko@debian.org>...

...without quiet. System hangs at loading initial ramdisk image, eventually continuing the boot process. So far three servers with the same configuration have this issue. I'm going to try a 4th DL360, but it is not in the same cluster and is configured differently with no extra hardening applied.

I know, but even if you have an EFI disk present which doesn't have secureboot enabled, the PXE option is still gone.

that will disable secureboot, which is the precondition for a lot of those hardening measures.

I can also confirm that you'll get the PXE option back without having an RNG device if there's no EFI disk present at all. Just remove your EFI disk and the option will be back, this makes the so called "hardening" measure even more nonsense to me.

...and here I thought it was just me. ;) Me too! (I've been running PVE for almost two weeks, haven't a clue what VirIO RNG even is yet.) I have no idea what that means, but thank you for the explanation!

I've just created a new VM, and the VirtIO RNG is not automatically added. Would it be better to add it automatically when a new VM is created? I think some people will be surprised that their VMs can no longer PXE boot :(

because EDKII implemented a security hardening measure that means network booting requires a source of entropy, if none is found network booting is disabled.

I love you man !!! This solved the issue I've been fighting against for the past 2 days....

I would also be interessted in the results of this CIS hardening. As you've already said ... why would adding another insecure ring of encryption help in this case? Having the encrypted data AND the key to decrypt it on the same machine does not make the system more secure. Can you try to...

I'm currently hardening my environment, and my current task is SSH. Looking at my single VE node, I see that SSH is enabled. After a quick search, it seems SSH may be required for VE operations. I use only the web interface, I never SSH into VE. VE is not in a cluster, although that could change...

...put it in direct connection to the internet without additional protection, you will need to reconfigure it, to gain a resonable level of security. If you want some common practice ideas, look here...

...kann man Dienste übrigens noch weiter verriegeln, auch wenn die nicht als Container laufen: https://github.com/alegrey91/systemd-service-hardening https://www.linux-magazin.de/ausgaben/2021/11/systemd-analyze/ Aber bevor man Dienste absichert, sollte man erstmal zusehen, dass nur der Kram von...

...das sieht (gerade das erste Mal gesehen) sehr ausführlich (erschöpfend ;) ) aus: https://trimstray.github.io/the-practical-linux-hardening-guide/ (1) AppArmor ist vom Handling einfacher, SELinux unter Redhat Systemen ausgebauter, man kann nur eines der beiden verwenden, aber auch hin- und...

...for example, that from the LXC lsblk shows me all PVE disks or that netdata shows all IO rates and much more. Is there any additional hardening steps to safeguard the PVE host? what are the risks for the host and the other VMs/LXC Is VM is the better/only way to go? Thoughts and prayers...

...deploying on and then applies these steps to the VM during the build. For the most part, these configurations include basic tasks like hardening the VM and installing Docker. However, I’ve encountered scenarios where I need to include secrets in the configuration for more complex...

You would still need a solution for a offsite backup in case your datacenter ends up in fire like the OVH one in Straßburg. PBS allows to sync between PBS so that would be the road I would go ( e.g. via a small Server in your office)