Search results for query: hardening

  1. jwacalex

    [SOLVED] Proxmox VE Cluster: noVNC console does not work for other servers

    Good Nighttime, I've set up a cluster with three Proxmox VE servers and joined them as a datacenter. To secure ssh I've restricted the root login via ssh with the following setting PermitRootLogin no in combination with Match Address 10.0.0.0/24 PermitRootLogin yes PasswordAuthentication...
  2. L

    are there security best practices?

    Hi everyone, I'm from Mexico, I'm searching for best practices for hardening my Proxmox installation. Can you help me?
  3. E

    LXC Container Upgrade to Bullseye - Slow Login and AppArmor Errors

    ...which does not require enabling nesting or masking systemd-logind that I hope more people can try and verify. Solution: Comment out the hardening options starting with *Private* or *Protect* in /lib/systemd/system/systemd-logind.service. Then run systemctl daemon-reload to reload the profile.
  4. E

    Inbound broadcast packets dropped.

    Thanks @xed for your details, although with my limited knowledge on networking there are notions you mention that I don't know about. But I'm going to tell you something I think you and any other still paying attention to this thread might find interesting. I've changed my virtual network...
  5. V

    PCI-DSS Compliance

    Hello, We need to be compliant with PCI-DSS. Systems hardening and vulnerability appeasements are a big part of the process. In the past I've used my trusted CIS Benchmarks to harden various new deployments of different systems I have some considerations with Proxmox and the hardening process...
  6. V

    [SOLVED] Proxmox and OPNsense - Network speed issue

    ...OPNsense webgui 3. opnsense-system-settings tunables, I set: vm.pmap.pti=0 and hw.ibrs_disable=1 https://docs.opnsense.org/troubleshooting/hardening.html hardening versus performance. Default OPNsense chose hardening, while default pfSense chose performance here. Then Retest speed to...
  7. fiona

    failed - no tunnel IP received

    Yes, setting an ssh banner will confuse migration with type=insecure (and maybe other things), because it doesn't expect the additional output.
  8. D

    failed - no tunnel IP received

    We've got the same issue, and that was because of hardening: we have added a /etc/issue.net file and this file seems to prevent migration from working with the same error message. Removing this file makes it work again for those who have the same issue.
  9. guletz

    Question : has anyone evaluated their Proxmox box with Lynis ?

    Hi, Lynis is a great tool. But security is not a tool, it is much more like a process. It is also about the probability that a security problem will be exploited by enemies, and what the impact will be in this case. Sometimes, like you said, functionality is important, so you can not harden your...
  10. G

    Question : has anyone evaluated their Proxmox box with Lynis ?

    ...(imho is there to be done) As some things are quite easily repaired/hardened some are like way beyond my understanding (as in kernel hardening) as I don't know the impact to Proxmox itself. So in this I seek guidance. In essence I am looking for a MINIMAL score of 80, so I need to gain...
  11. G

    Advantages of PBS?

    ...- sufficient for this purpose; it is only meant to be a hobby, though run a little more securely than all the "gurus" who can read a how-to (hardening based on the dev-sec.io Ansible Collection as well as CES, sshd, panel etc. only via openVPN) - CIFS as backup server - iSCSI as an additional storage server...
  12. H

    [SOLVED] One Proxmox node can't reach the other one via SSH

    Oh no, I found it. Recently introduced some SSH hardening policy which is enforced via automation on all Linux machines and that policy includes `PermitRootLogin no`. Since it's automatically applied to all Linux machines, it was also applied to the Proxmox hypervisors. If anybody else stumbles...
  13. H

    Unable to join cluster

    SSH from one host to the next works fine. No hardening or security measures applied - it's a fresh, out the box, just updated install on both machines.
  14. P

    Unable to join cluster

    Did you apply any hardening measures before? Can you ssh from one host to the other?
  15. K

    [SOLVED] HA with ZFS

    Hi, we are looking into hardening our infrastructure to better handle outages due to network or hardware failures. We use OVH dedicated physical servers for our infrastructure and currently have a 3 node PVE cluster. This cluster is currently configured with 2x4TB NVMe drives per node, with one of...
  16. H

    port forwarding to guest

    ...and Proxmox looks like a superior setup. I've created a container with Nextcloud as a turnkey install and I followed some tutorials on hardening the Proxmox through firewall policies. I've also installed nginx to handle port 443 but not 80 as that needs to be used for Let's Encrypt. As far as...
  17. J

    [SOLVED] Zerotier and pve-firewall

    ...-p is which port you need ssh access in case it's different from the default port 22. 8006 is the port you need to forward for the GUI, I then secure this with an encrypted random key. Further, you can secure the ssh server by modifying the sshd_config for further hardening. Hope it helps...
  18. W

    Encrypting Proxmox VE (Best Methods)

    I have been looking for the best way to encrypt the Proxmox boot drive (one that is not using a hardware RAID setup). From what I have seen the most common way of doing this is over a Debian install with LUKS encryption. I have also found this method. Is there any advantage using one method over...
  19. P

    [solved] PVE 6 - VM console on another node responds with "Authentication failed"

    Good Lord, I have finally found a solution for this problem. I also use the ssh-hardening role and was almost going crazy. Thank you, thank you, thank you @mlohr!
  20. W

    Encrypting USB-Boot

    Is there any disadvantage in using this method over a LUKS encrypted Debian install?