hardening

During a package audit, I noticed that several Samba-related packages — including samba-common, samba-common-bin, smbclient, and supporting libraries — are installed by default. When I ran a dry-run purge to see what would happen, APT reported that removing `samba-common` would also remove...

Hello dear community, We are a small startup with two people and are currently setting up our infrastructure. We will be active in the media industry and have a strong focus on open source, as well as the intention to support relevant projects later on as soon as cash flow comes in. We have a...

As a general thought, I'm wondering if an official Proxmox Hardening wiki page would be useful? Maybe placed here or similar? https://pve.proxmox.com/wiki/Hardening Asking because hardening a server (or cluster thereof) isn't rocket science, but seems to be under documented apart from various...

I'm currently working out the process of hardening a two node Proxmox cluster for internet facing deployment. As part of that I'm moving all ports (other than ssh) to internal network interfaces that aren't publicly accessible. ssh will have it's own security configuration, not covered here...

Hello, I want to configure fail2ban also for the web-gui of PBS. I followed the wiki and it worked well for PVE. I used the systemd-variant. My PBS is installed directly on the PVE hypervisor and whatever I configure, fail2ban is not detecting failed login attempts. Maybe someone else already...

We will need to implement proxmox security hardening. may I know what are the available standards or methods to do proxmox hardening?

Hello! I have a PMG-Cluster on 2 public available VPS servers and want to increase the security. I found this: https://github.com/killmasta93/tutorials/wiki/PMG-Harden Most of it makes the filter rules more advanced, but I am interested in the server itself. So one thing mentioned there, would...

Good Nighttime, I've set up cluster with three proxmox ve servers and joined them as a datacenter. to secure ssh I've restricted the root login via ssh with the following setting PermitRootLogin no in combination with Match Address 10.0.0.0/24 PermitRootLogin yes PasswordAuthentication...

Hello, We need be compliant with PCI-DSS. Systems hardening and vulnerability appeasements are a big part of the process. In the past I've used my trusted CIS Benchmarks to harden various new deployments of different systems I have some considerations with Proxmox and the hardening process...