Search results for query: hardening

...? I'm not here to rant about ZFS, I rather want to understand why it failed so badly, I want to discuss hardening approaches, possible flaws in the ecosystem (better recovery tools?), and collect information about recovery (which is all over the place). So far, I found that * ZFS is very...

...idea to include these reccomendation in a Wiki Page or Community Tutorial or something, like "we take no responsibility, but here is a good hardening baseline config for your servers, use at your own risk or something like that". Would avoid lots of Frustration with people getting MAC Abuse...

...seemed to help. I also added this in order to Harden the System against Attacks (not really Network related though) in /etc/sysctl.d/99-hardening.conf: # eBPF exposes quite large attack surface and must therefore be restricted # These sysctls restrict eBPF to the CAP_BPF capability...

We are currently testing hardening-script from ovh-cloud. https://github.com/ovh/debian-cis Using Level 3 on a PVE-Server and for now it looks like it is still running normal but far more "secured". Would be really nice to have some more guides or a "more" secured default Proxmox-Install...

A big part of hardening on any platform is to change default configurations to something more secure. You are right, they both start fairly secure. Install sudo Create and user non-root users Enforce TOTP (TFA) in the GUI on all accounts Ensure TLS certificates for the GUI Harden ssh (guides...

...couple of VMs in production server on a 3-node cluster using Proxmox and ceph. Now few auditors are requesting for a guideline for hardening the proxmox installations, since we are running the vms in production. We used the iso files of the Proxmox ve and Proxmox backup server to install...

...the installed debian distribution linux_packages: - '{{ os_architecture }}' - '{{ linux_version }}' # list of file paths to remove path_to_files: - '/etc/hostname' - '/etc/hosts' # security software for hardening purposes security_packages: - 'ufw' -...

...in almost 3 years now), but I wanted to be covered in case it does change so I don't lose access to it. What are some best practices for hardening this if I'm exposing some VMs to the Internet? I was planning on using an Alpine Linux VM with Nginx Proxy Manager on it and expose only that to...

The Proxmox VE Cluster uses port 22 (SSH) for data synchronization. In principle, every PVE host in the cluster has equal rights and can connect to every other PVE host in the cluster using SSH. As a result, an attacker who manages to break out of an LXC container or a KVM guest on any PVE host...

Microsoft is using Hyper-V technology for an ever increasing number features in Windows, including security hardening I/O. So you can quickly run with an extra nesting layer without knowing. And naturally it doesn't care about compatibility with other hypervisors than its own: why have anyone...

Hello, I want to configure fail2ban also for the web-gui of PBS. I followed the wiki and it worked well for PVE. I used the systemd-variant. My PBS is installed directly on the PVE hypervisor and whatever I configure, fail2ban is not detecting failed login attempts. Maybe someone else already...

...decision is not to change the solution behavior, most probably, I will end up doing that. But that doesn’t look clean to me; it is a hardening that could be avoided. And will require preparing documentation and procedures to mitigate that one. I want to open a respectful discussion on...

There is a certain amount of irony here as that I am an IT guy not knowing which way I need to go, as I had other jobs in life and mostly in the stupid windows world, the current result of my proxmox setup is definately too overwhelming and thus issues WILL come, and with far not hassle free and...

...# (core) Distributed Ceph storage using Rook disabled: cert-manager # (core) Cloud native certificate management cis-hardening # (core) Apply CIS K8s hardening community # (core) The community addons repository dashboard # (core) The...

...(Unless the web GUI backup log output does not show the full log.) For the filesystem I use the following: And as far as I know I do not have any extra security hardening that is not included by proxmox VE itself. And I managed to find this in the journal but it is not really any more...

...diesen gleichtun wollen. Dennoch darfst du nicht vergessen, dass ein SIEM letztlich ja keine Angriff abwehrt, insofern solltest du auch das Hardening deiner Infrastruktur nicht vergessen und auch bei dem SIEM Agent auf eine verschlüsselte Kommunikation achten. Zum Thema lsb_release selbst...

...of all, if necessary. I can't quite get on with the instructions. I have found another possibility here, can I do this with an existing installation? Same parameters as above. Is this still possible? https://dustri.org/b/hardening-proxmox-against-physical-attacks.html What would you...

Please look that forum, this question is asked multiple times: https://forum.proxmox.com/threads/hardening-proxmox-security-best-practises.19286/ https://forum.proxmox.com/threads/server-hardening-please-audit-my-setup.127446/...

We will need to implement proxmox security hardening. may I know what are the available standards or methods to do proxmox hardening?

Hi, just a guess, but did you install/configure any security hardening features that might restrict execution of setuid binaries or the nobody user?