Search results for query: hardening

Seems like it could be: https://bugzilla.kernel.org/show_bug.cgi?id=215943 for which a fix has been applied for the upcoming 6.1 kernel. We can look into how feasible it would be to backport it to current stable 5.15.

I figured this out, embarrassingly I had net.ipv4.icmp_echo_ignore_all, set when I added some hardening settings. Normally I do that at the end, after everything is working.

I've done some trial-and-error. For me, commenting out these two works: # ProtectProc=invisible # ProtectControlGroups=yes Warning: I don't have a clue, how this affects security. Maybe using nested is better (or worse).

...thought it would be as simple as with VirtualBox's shared folders and Docker's volumes. But it's not at all. And I don't want to deal with hardening NFS just to expose the `backups` dataset's subdirs to each VM and CT. I could create a small backup disk for each VM/CT and have that stored on...

pmg does not listen on port 587 in it's default configuration (and does not offer a SMTP-Auth, which is usually required there) if you're referring to https://github.com/killmasta93/tutorials/wiki/PMG-Harden#geoip - I don't see anything which would modify the postfix config regarding TLS there?

...the PMG and the mail servers. I also confirmed this on MXToolbox with 587 appended to the URL. My only question now is, was part of the hardening process restricting non-encrypted SMTP? Or am I looking at another configuration issue? I don't see anything abundantly obvious that would...

...everything's working as expected. What's strange to me is the PMG was working as intended and all checks were passing until I started the hardening procedure! Here's the output from 'pmgconfig dump': pmgconfig dump composed.wl_bounce_relays = pmg.localdomain dns.domain = localdomain...

Hey, all! I've been searching the forum for several hours (and the internet in general), and I'm not finding anything useful. I just moved from a SurgeMail/SurgeVault system to a conventional malfurious/postfix setup, and I incorporated a PMG into the mix to test things out. I haven't yet...

...OK, this is a bit much that needs turning off as I move toward the OpenSSH v9.0p1 while complying with various SSH hardening guidelines, of which the most thorny is “PermitRootLogin off”. so, I started creating and substituting “admin” account for root. I also have this whole other set of...

On a secondary note, I've always found these resources to be educational: https://github.com/decalage2/awesome-security-hardening/blob/master/README.md Cheers, Tmanok

Hi Everyone, Does anyone know of official publications or resources regarding security hardening of Proxmox projects? PVE, PBS, PMG, client tools, etc... There seems to be a lack of documentation on the matter and I'm interested in seeing it pursued. I'm sure that a lot could be pulled from...

hi, Proxmox VE :) the default installation comes with a relatively small set of packages anyway. other "big" packages such as ceph and so on are opt-in. what kind of packages would you like to remove from the default installation? you can get a list of the installed packages with dpkg -l >...

I am pretty much done with my setup and now working on hardening the firewall. My setup has only two bridges, but you can extend it as required. vmbr1 - Upstream for Internet ( WAN ) vmbr2 - Downstream for LAN I am routing my LAN traffic to vmbr1 - which forwards it to Internet. Followed the...

Hi, Is there any best practices to fine tune Proxmos VE, remove unwanted package, hardening and how to keep the setup light weight? Please suggest.. Thanks in advance..

...h change the IP & blocks port 25). My setup: -behind firewall on an public IP runs the mail gateway, - mail server in local network. How secure do you think this setup is? What steps can I take for hardening this setup? Maybe an ssh tunnel between the mail server and the pmg? Thank...

Hi all, I've installed the fail2ban's jails and it instantly paid of. The link to the fail2ban in iredmail is wrong but there is a issue open with the new url. The DCC and such sound interesting to have in the PMG install no? Hardening is always a good option :-) regards, P.

...0077 This image of Debian was hardened to the CIS benchmarks. I think we did both Levels 1 and 2, and I'm pretty sure that was one of the hardening steps (It was like 6 months ago so my memory isn't 100%). Another issue I identified later after making these posts is that this is Debian 10...

...turn off KSM if you are security-conscious. if you run your own workloads inside guests, having it enabled probably is okay. but such hardening decisions are very much dependent on the environment (and this applies to a lot of the defaults in PVE - e.g., I'd not expose SSH or the API to the...

WHAT!!! /etc/hosts.deny had deny all for SSHD! I have absolutely no idea where that came from, I definitely didn't do it! I am now able to SSH onto the box... definitely confused though! Thank you so much for your time and intellect, I really appreciate it :D

thanks. have you made any other hardening on the host? on a hunch, could you check the /etc/hosts.allow and /etc/hosts.deny files as well?