Search results for query: hardening

  1. M

    Small Cloud Cluster design and strategy

    Thank you for the suggestion. I did not think of it. PBS would also be a much needed solution for backing up the cluster. I could order a second public IP to assign directly to my *sense VM. Now I just need to think about hardening security for hypervisor itself.
  2. H

    Working on hardening Proxmox hosts - looking for advice regarding some findings

    Hello Proxmox Community & Team, I am working through making a hardened baseline for my team's Proxmox deployment, loosely following CIS Lvl1/2 and DISA STIG requirements for Linux operating systems. I have made good progress, and have built out a hardened PVE cluster successfully that has...
  3. UdoB

    Suggestion: Forum section with frequently asked questions on Proxmox products

    Sure, I am just brainstorming. The difference between a compact FAQ and a broader knowledge base with snippets about all kinds of topics may be defined hard or soft. Yes. Again and again... Huh? I really do believe staff is appreciating your - and of several others of course - contributions...
  4. J

    Suggestion: Forum section with frequently asked questions on Proxmox products

    Well I don't really mean something like hardening since it's difficult to give generic advice for stuff which lies in the end in the responsibility of the administrator or software architect. To quote myself: The reason I started this thread, that today I saw two or three threads on the same...
  5. UdoB

    Suggestion: Forum section with frequently asked questions on Proxmox products

    ...are absolutely right. While there is the very fine reference documentation and the official wiki we just have no user-contributable “FAQ / Hardening / Best practice” documentation. The "natural" place would be the wiki under pve|pmg|pbs.proxmox.com, but probably that should really be left for...
  6. E

    Could PVE migrate vm without 'root' account

    Hi All, I have a question about pve vm migration. As my company have to take security hardening control on the PVE host. The PermitRootLogin setting in file '/etc/ssh/sshd_config' must be set to 'no'. By default, when pve doing vm migration, the root account will ssh to the target pve host then...
  7. V

    [SOLVED] Issue with permissions in /etc after pct restore

    I found the solution! The issue was caused by a hardening setting I had applied, which modified the umask in /etc/bash.bashrc to 027 instead of the default 022. This stricter umask was setting more restrictive permissions during certain operations. After reverting the umask back to 022, the...
  8. itNGO

    Proxmox server hardening document for compliance

    Server still runs, but we are on only one server where Hardening is done.... long term prototype....
  9. F

    Proxmox server hardening document for compliance

    @itNGO, I also went for hardening with CIS Benchmark Debian 11/12, also Benchmarked with Wazuh (sad that there is only the .yaml for the Family Linux). What is your experience? Did you get errors or problems? I do have about ~75% Score (no FW Settings right now, some are also false...
  10. J

    Security Hardening

    ...know or don't care about this and thus use still the less secure defaults. A sysadmin however can use systemd overrides, for additional hardening but he will have to do thorough testing to make sure that everything still works. Coming back to proxmox: Probably proxmox services could also be...
  11. E

    Educational Content

    This is NOT off-topic in the sense that people were asked to work for free (not by you, but in this thread) and then we got into the logic of supporting something else that supposedly provides other guarantees, but enterprise not switching over because features are missing. I simply quoted...
  12. t.lamprecht

    Educational Content

    ...with the part that hardened our TFA implementation became: https://bugzilla.proxmox.com/show_bug.cgi?id=4584 which is fixed and updated. The second one is a mere enhancement with more question open and a mediocre ROI, especially after the hardening was implemented, so it was put on the back...
  13. E

    Need guidelines for securing proxmox

    No: https://forum.proxmox.com/threads/should-an-official-proxmox-hardening-wiki-page-be-created.148732
  14. P

    Privacy of multiple users on one Proxmox machine

    Yes my understanding on security hardening is very limited, otherwise I would not be asking these questions ;). But yes you are right you need 3 nodes ideally. However, I would like a system that when the servers at my house are down for reason x (e.g fire, power outage, hardware failure)...
  15. E

    Privacy of multiple users on one Proxmox machine

    What kind of connection and routing will that have? But we may give a piece of advice on this forum to have the OP e.g. run this entirely within VPN only accessed segment. :) So that this is not really a problem. I am not sure what you are attempting to achieve still. Maybe after you...
  16. G

    Privacy of multiple users on one Proxmox machine

    True. But the general security hardening of the average Joe's home server doesn't come anywhere near to the enterprise solutions. I must be honest here, looking at the OP's post - I'm not sure how much he knows about security hardening at all. So just setup a PBS instance on both servers, & use...
  17. V

    Debian 12 LXC Template SystemD Failures

    Hi all, I'm experiencing this same issue. (still new at Hypervisors so sorry if I misspeak) Running on an unprivileged container, tried with both nesting on and off, opening the console is blank until you wait like a few minutes, then the login message comes up and works perfectly fine. I've...
  18. W

    Debian 12 LXC Template SystemD Failures

    ...systemd-logind.service files between Deb12 and Ubuntu 24.4. In both ProtectControlGroup=yes is set by default - one distribution is working and the other not. So both are applying the hardening with different results. The test containers are both running as unprivileged, unnested for isolation.
  19. M

    Debian 12 LXC Template SystemD Failures

    What about privileged containers though?
  20. fschauer

    Debian 12 LXC Template SystemD Failures

    As a hardening measure, systemd tries to set up namespaces. In the instance of the Debian LXC template, it seems that setting ProtectControlGroups= to no in /lib/systemd/system/systemd-logind.service lets the systemd-logind.service start successfully. Another way to work around this is to enable...