Search results for query: hardening

  1. D

    Security Hardening

    ...Ransomware attacks on vSphere ESXi Hypervisors and are very concerned about Proxmox being targeted too. We are planning on doing the hardening of Proxmox hosts and implementing a security audit using lynis. During the course of this audit I am sure to hit many roadblocks and will seek help...
  2. L

    What is the server hardening strategy when I use SSH tunneling?

    ...I have disabled all outside ports and connections, except for access via SSH tunneling. In this way, what is my strategy for server hardening? My setup: - disabled root login - use ssh keys instead of password - do not change the default SSH port, because I do not accept connections apart...
  3. F

    Move io_uring from default (important)

    Hi. Don't take this personally. I just mentioned the meltdown as an example of a problem that most people didn't know about. The fact that your scenario is working doesn't mean it has no bugs. Again, it is not an adequate response. This does not change the io_uring problems with other people. If you...
  4. M

    Move io_uring from default (important)

    ...NO * Kernel is compiled with IBPB support: YES * IBPB enabled and active: YES * Mitigation 2 * Kernel has branch predictor hardening (arm): NO * Kernel compiled with retpoline option: YES * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline...
  5. H

    Optimal and safe usage of static, public IPs (help)

    ...TCP/UDP port, and probably every other protocol out there). My questions are all in regards to inherent optimal security and firewall hardening and are as follows: 1. Should I use a virtual interface for this or should I use PCIe passthrough and IOMMU for the NICS to pfSense? My other...
  6. leesteken

    CVE-2017-5715 vulnerability

    You cannot fix it, but the Proxmox Linux kernel is mitigating the problem using various techniques to keep you safe. If you want hardware that is not vulnerable (out of the box without mitigations) you need to buy other hardware. However, I don't think there is any modern system that is...
  7. H

    CVE-2017-5715 vulnerability

    ...only) * Kernel is compiled with IBPB support: YES * IBPB enabled and active: YES * Mitigation 2 * Kernel has branch predictor hardening (arm): NO * Kernel compiled with retpoline option: YES > STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB is needed to mitigate the...
  8. R

    Server hardening: please audit my setup.

    Hello, I always use Ubuntu Server, but at the moment I need a VM. Below is my current setup for a secure Proxmox. What else should I add? - Keep system up-to-date -- Update and upgrade the system -- Enable automatic security updates - Secure SSH access & user account security --...
  9. B

    Is anyone here actually running kubernetes on their LXC containers?

    ...thread and helped me get k3s running on unprivileged LXC containers with saltstack. I further complicated the install by following the CIS hardening guidelines and HA etcd guides. I am still working on it at the moment. tabnul's comments about too many permissions and it being difficult and...
  10. L

    Has PBS or PVE transfer rate issues?

    vzdump uses the qemu monitor command api for backing up I think, so the reading backup transfer rate depends on the vm load and on the host load. Can the high vzdump transfer rate compromise the disk I/O by hardening I/O wait?
  11. Dunuin

    [TUTORIAL] If you are new to PVE, read this first; it might assist you with choices as you start your journey

    ...key authentication, firewall, end-to-end encryption, VPN, reverse proxy, ACME certs, 2FA, DMZ, intrusion detection, backups, security hardening, ... parts because that would go really into the details and you don't want to overwhelm the readers. Then they will only do the limited stuff you...
  12. J

    Live migration fails channel 2: open failed: connect failed: open failed

    I found the issue, earlier this year we rolled out an SSH hardening that set AllowTcpForwarding to no. Now that I changed this value to yes the migration works again. thanks all for helping!
  13. N

    Convert to template when using shared storage failing

    ...further, it doesn't appear that I'll ever be able to chattr over a NAS share...at least not with how Synology is configured from a system-hardening perspective...and it makes sense. There is no direct root access, for good reason, without a privilege escalation...which is required for chattr...
  14. X

    Is it safe to expose spiceproxy to the internet? Any tips on hardening?

    ...works quite well from the outside of my network. Any word on how secure it is running the spiceproxy exposed this way? According to the description, it runs with very limited privileges, but I'm still concerned. Any other ideas on how I could go about hardening it in this particular case...
  15. E

    Reverse Proxy config with nginx

    ...ssl_certificate /etc/ssl/wildcard.XXX.bundle.crt; ssl_certificate_key /etc/ssl/wildcard.XXX.key; include /etc/nginx/snippets/tls-hardening.conf; proxy_redirect off; location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade...
  16. W

    Harden PMG server

    Hello! I have a PMG-Cluster on 2 public available VPS servers and want to increase the security. I found this: https://github.com/killmasta93/tutorials/wiki/PMG-Harden Most of it makes the filter rules more advanced, but I am interested in the server itself. So one thing mentioned there, would...
  17. V

    GitLab LXC: can't upgrade to 13.8

    ...Expected process to exit with [0], but received '255' ---- Begin output of sysctl -e --system ---- STDOUT: * Applying /etc/sysctl.d/10-hardening.conf ... net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.conf.all.forwarding = 0...
  18. E

    PMG Hardening and Security, Email Security Testing Services

    16 of their emails with attachments like bot.exe.7z bot.exe.zip etc. etc. made it through PMG. Have you guys used any online services to test email security? https://trebuchet.gibthf.com/ every email from these guys came to my inbox. In general what do you recommend to secure your PMG...
  19. K

    Disable Password Auth

    Hi We are looking into hardening our PVE setup. Currently access to the web UI is fairly locked down with restrictive inbound firewall rules and 2FA for all users, including root@pam. We do however plan to update the SSH server configuration to disable password-based authentication entirely, so...
  20. E

    Proxmox Host and ufw firewall

    ...how a proxmox host can be hardened with ufw. I understand that proxmox has its own firewall but I have an ansible role which manages hardening etc. on all my servers and therefore would like to use ufw on my proxmox host. However as I tried to use it I saw that my lxc containers had massive...