Search results for query: hardening

  1. t.lamprecht

    proxmox host very slow, VM can not run

    Seems like it could be: https://bugzilla.kernel.org/show_bug.cgi?id=215943 for which a fix has been applied for the upcoming 6.1 kernel. We can look into how feasible it would be to backport it to current stable 5.15.
  2. H

    Bridge to VM guest not accessible from within guest.

    I figured this out; embarrassingly, I had net.ipv4.icmp_echo_ignore_all set when I added some hardening settings. Normally I do that at the end, after everything is working.
  3. L

    LXC Container Upgrade to Bullseye - Slow Login and AppArmor Errors

    I've done some trial-and-error. For me, commenting out these two works: `# ProtectProc=invisible` `# ProtectControlGroups=yes` Warning: I don't have a clue how this affects security. Maybe using nested is better (or worse).
  4. K

    My backup strategy involving files directly and rsync.net doesn't seem possible in ProxMox. How to solve it?

    ...thought it would be as simple as with VirtualBox's shared folders and Docker's volumes. But it's not at all. And I don't want to deal with hardening NFS just to expose the `backups` dataset's subdirs to each VM and CT. I could create a small backup disk for each VM/CT and have that stored on...
  5. Stoiko Ivanov

    PMG Failing Sync After Attempting Hardening

    pmg does not listen on port 587 in its default configuration (and does not offer a SMTP-Auth, which is usually required there) if you're referring to https://github.com/killmasta93/tutorials/wiki/PMG-Harden#geoip - I don't see anything which would modify the postfix config regarding TLS there?
  6. K

    PMG Failing Sync After Attempting Hardening

    ...the PMG and the mail servers. I also confirmed this on MXToolbox with 587 appended to the URL. My only question now is, was part of the hardening process restricting non-encrypted SMTP? Or am I looking at another configuration issue? I don't see anything abundantly obvious that would...
  7. K

    PMG Failing Sync After Attempting Hardening

    ...everything's working as expected. What's strange to me is the PMG was working as intended and all checks were passing until I started the hardening procedure! Here's the output from 'pmgconfig dump': pmgconfig dump composed.wl_bounce_relays = pmg.localdomain dns.domain = localdomain...
  8. K

    PMG Failing Sync After Attempting Hardening

    Hey, all! I've been searching the forum for several hours (and the internet in general), and I'm not finding anything useful. I just moved from a SurgeMail/SurgeVault system to a conventional malfurious/postfix setup, and I incorporated a PMG into the mix to test things out. I haven't yet...
  9. E

    OpenSSH dropping RSA; Proxmox failing 'ssh'.

    ...OK, this is a bit much that needs turning off as I move toward the OpenSSH v9.0p1 while complying with various SSH hardening guidelines, of which the most thorny is “PermitRootLogin off”. so, I started creating and substituting “admin” account for root. I also have this whole other set of...
  10. T

    Proxmox Security Hardening Guidance?

    On a secondary note, I've always found these resources to be educational: https://github.com/decalage2/awesome-security-hardening/blob/master/README.md Cheers, Tmanok
  11. T

    Proxmox Security Hardening Guidance?

    Hi Everyone, Does anyone know of official publications or resources regarding security hardening of Proxmox projects? PVE, PBS, PMG, client tools, etc... There seems to be a lack of documentation on the matter and I'm interested in seeing it pursued. I'm sure that a lot could be pulled from...
  12. oguz

    Proxmox VE - fine tuning

    hi, Proxmox VE :) the default installation comes with a relatively small set of packages anyway. other "big" packages such as ceph and so on are opt-in. what kind of packages would you like to remove from the default installation? you can get a list of the installed packages with dpkg -l >...
  13. I

    Proxmox & isp modem without a router

    I am pretty much done with my setup and now working on hardening the firewall. My setup has only two bridges, but you can extend it as required. vmbr1 - Upstream for Internet ( WAN ) vmbr2 - Downstream for LAN I am routing my LAN traffic to vmbr1 - which forwards it to Internet. Followed the...
  14. I

    Proxmox VE - fine tuning

    Hi, Are there any best practices to fine tune Proxmox VE, remove unwanted packages, hardening and how to keep the setup light weight? Please suggest.. Thanks in advance..
  15. P

    pmg on an internet site (VM)

    ...h change the IP & blocks port 25). My setup: -behind firewall on a public IP runs the mail gateway, - mail server in local network. How secure do you think this setup is? What steps can I take for hardening this setup? Maybe an ssh tunnel between the mail server and the pmg? Thank...
  16. P

    Somebody has used this configuration for harden PMG spam detection?

    Hi all, I've installed the fail2ban's jails and it instantly paid off. The link to the fail2ban in iredmail is wrong but there is an issue open with the new url. The DCC and such sound interesting to have in the PMG install no? Hardening is always a good option :-) regards, P.
  17. C

    NO_PUBKEY DD4BA3917E23BF59 error

    ...0077 This image of Debian was hardened to the CIS benchmarks. I think we did both Levels 1 and 2, and I'm pretty sure that was one of the hardening steps (It was like 6 months ago so my memory isn't 100%). Another issue I identified later after making these posts is that this is Debian 10...
  18. fabian

    ksm sharing & security implications ?

    ...turn off KSM if you are security-conscious. if you run your own workloads inside guests, having it enabled probably is okay. but such hardening decisions are very much dependent on the environment (and this applies to a lot of the defaults in PVE - e.g., I'd not expose SSH or the API to the...
  19. A

    [SOLVED] SSH 'refused connect' | PVE

    WHAT!!! /etc/hosts.deny had deny all for SSHD! I have absolutely no idea where that came from, I definitely didn't do it! I am now able to SSH onto the box... definitely confused though! Thank you so much for your time and intellect, I really appreciate it :D
  20. oguz

    [SOLVED] SSH 'refused connect' | PVE

    thanks. have you made any other hardening on the host? on a hunch, could you check the /etc/hosts.allow and /etc/hosts.deny files as well?