Search results for query: hardening

Good Nighttime, I've set up cluster with three proxmox ve servers and joined them as a datacenter. to secure ssh I've restricted the root login via ssh with the following setting PermitRootLogin no in combination with Match Address 10.0.0.0/24 PermitRootLogin yes PasswordAuthentication...

Hi, everyone Im from mexico, im searching for best practices for hardening my proxmox installation. Can you help me?

...which does not require enabling nesting or masking systemd-logind that I hope more people can try and verify. Solution: Comment out the hardening options starting with *Private* or *Protect* in /lib/systemd/system/systemd-logind.service. Then run systemctl daemon-reload to reload the profile.

Thanks @xed for your details, although with my limited knowledge on networking there are notions you mention that I don't know about. But I'm going to tell you something I think you and any other still paying attention to this thread might find interesting. I've changed my virtual network...

Hello, We need be compliant with PCI-DSS. Systems hardening and vulnerability appeasements are a big part of the process. In the past I've used my trusted CIS Benchmarks to harden various new deployments of different systems I have some considerations with Proxmox and the hardening process...

...OPNsense webgui 3. opnsense-system-settings tunables, I set: vm.pmap.pti=0 and hw.ibrs_disable=1 https://docs.opnsense.org/troubleshooting/hardening.html hardening versus performance. Default OPNsense chose hardening, while default pfSense choose performance here. Then Retest speed to...

Yes, setting an ssh banner will confuse migration with type=insecure (and maybe other things), because it doesn't expect the additional output.

We've got the same issue, and that was because of hardening : we have added a /etc/issue.net file and this file seems to prevent migration from working with the same error message. Removing this file make it work again for thoses who have the same issue.

Hi, Lynis is a great tool. But security is not a tool, is much more like a process. It is also about the probability that a security problem to be exploited by enemys, and wat will be the impact in this case. Sometimes, like you said, functionality is important, so you can not hardened your...

...(imho is there to be done) As some things are quite easily repaired/hardened some are like way beyond my understanding ( as in kernel hardening ) as i dont know the impact to ProxMox itself. So in this i seek guidance. In essence i am looking for a MINIMAL score of 80, so i need to gain...

...- reicht für diesen Zweck; soll nur ein Hobby sein allerdings ein wenig sicherer betrieben als die ganzen "Gurus" die Howto lesen können (hardening anhand dev-sec.io Ansible Collection sowie CES, sshd, panel etc nur über openVPN) - CIFS als Backupserver - iSCSI als weiterer Storageserver...

Oh no, I found it. Recently introduced some SSH hardening policy which is enforced via automation on all Linux machine and that policy includes `PermitRootLogin no`. Since it's automatically applied to all Linux machines, it was also applied to the Proxmox hypervisors. If anybody else stumbles...

SSH from one host to the next works fine. No hardening or security measures applied - it's a fresh, out the box, just updated install on both machines.

Did you apply any hardening measures before? Can you ssh from one host to the other?

Hi We are looking into hardening our infrastructure to better handle outages due to network or hardware failtures. We use OVH dedicated physical servers for our infrastructure and currently have 3 node PVE cluster. This cluster is currently configured with 2x4TB nVME drives per node, with one of...

...and Proxmox looks like a superior setup. I've created a container with Nextcloud as a turnkey install and I followed some tutorials on hardening the Proxmox through firewall policies. I've also installed nginx to handle port 443 but not 80 as that needs to be used for lets encrypt. As far as...

...-p is which port you need ssh access in case it's different from the default port 22. 8006 is the port you need to forward for the GUI, I then secure this with an encrypted random key. further, you can secure the ssh server by modifying the sshd_config for further hardening. Hope it helps...

I have been looking for the best way to encrypt the Proxmox boot drive (one that is not using a hardware RAID setup). From what I have seen the most common way of doing this is over a Debian install with LUKS encryption. I have also found this method. Is there any advantage using one method over...

Herr Jesus, endlich habe ich eine Lösung für dieses Problem gefunden. Auch ich nutze die ssh-hardening Rolle und bin schon fast verrückt geworden. Danke, danke, danke @mlohr!

Is there any disadvantage in using this method over a LUKS encrypted Debian install?