security

  1. Security Onion

    Hello, is it possible to mirror the network traffic of 1 virtual port in proxmox without tc? vmbr0 --> 6 virtual ports (important ens33, ens18) i want to mirror ens33 to ens18 that the Security Onion can only see her traffic is that possible without tc because tc not working for me Greets
  2. Weird backup file names on external drive

    Hi, I just checked an external backup and found these weird file names on it. Some 'Chinese' relation? I'm not able to change them. I'm backing up the same files on two other different devices. They don't have the same issues. So is it a security issue or is it a device issue?
  3. Setting up NIDS in VE, where put it in architecure and how redirect all trafic from/to Snort/Suricata

    Hello all, I want deploy snort in my VE, but i wounder what is the beast approach to do that. First idea is deploy vm with snort or something similar like suricata, but the real problem is ... how to redirect all traffic from NIC, VE from/to snort. I imagine it like this: vmbrX <-->...
  4. what could be a good parttern for hardening proxmox and setup the network ?

    I am looking for somt guidance to make my installation of proxmox more "secure" and resilient . I have a cluster of 3 machines with each 2 10G ports. Storage is managed via a NAS connected through a 10 GB port (it also has 2 1GB port) All the machines are connected to a 10G switch I have...
  5. how to secure proxmox installation

    Hi all, So I have a proxmox cluster at home and I would like to make its installation more secure. I put the proxmox cluster in a DMZ, and have the Office network behind another firewall using NAT. What would be the best way to allow the access to the proxmox cluster resources securely and only...
  6. New proxmox deploy - is this way to go with disks?

    Hey guys, I am building my first production Proxmox - not my first virt mind you, but costs are astronomical with 'other' virtualization options. Anyway. I have specific needs and specific setup - regarding the setup, lets leave that. My question is this - from your experience - is this...
  7. Hundreds of usernames, IP addresses, and ports in the Syslog

    We are currently setting up our servers. I recently checked the Syslog and see several hundred usernames, IP addresses and ports. Is this normal?
  8. Proxmox behind Virtual-FW and DMZ-Zone

    Hi all, As of today I'm running some Raspberry Pi's at home providing some services (nextcloud, mailserver etc.) for me and a few friends(we're running a "art/draw club"). Since I was able to get an old workstation from work and I didn't really cared about security back when I was setting the...
  9. Gaia

    [SOLVED] RKhunter /dev warnings

    On PVE 6, I've installed rkhunter and ran --propudp, but it sends me every day: Warning: Suspicious file types found in /dev: /dev/shm/qb-1800-10101-29-di6DkD/qb-event-pve2-data: Hitachi SH big-endian COFF object file, not stripped, 0 section...
  10. Gaia

    QEMU VM Escape (CVE-2019-14378)

    I understand the problem is deeper down the stack, but is there anything we can do mitigate this vuln? https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/
  11. Proxmox on remote server: security best practices?

    Hi, I'm considering switching my current 'cloud' VPS setup to a dedicated server (e.g. Hetzner) with Proxmox running 2-3 VMs. Currently I'm only running Proxmox in my homelab, which works great but obviously has other security requirements than a remote setup. Are there any pointers to best...
  12. V5.4 : does qm vncproxy not support VeNCrypt/X509Plain anymore ?

    Hi, For some reasons irrelevant to explain, I used to connect to VMs with an external VNC Viewer (TigerVNC), by setting up inetd.conf on the server. Until PVE 5.1 everything worked fine. I just set up a 5.4 server, and now vncviewer only prompts for password, not for username. It seems PVE...
  13. Logs in proxmox node

    Hi, For traceability reasons, I would like to retrieve the security events of the the creation, modification and deletion of users. The same goes for firewall rules. Do you know if it is possible to make the logs more verbose on these two points? Thanks,
  14. U2F Key Integration and Backup Codes

    Hello everyone, I have used the Microsoft Authenticator for quiet a long time. Now I've purchased a U2F-Key, because I don't want to have to go to the other side of the room to grab my phone, unlock it, open Authenticator, log in again, read the code and type it in. Also I want to be able to...
  15. magicfab

    [TUTORIAL] Setting up Proxmox VE OATH (TOTP) 2FA

    Hi, I've written a detailed How To for setting up OATH (TOTP) 2FA in Proxmox VE: https://pve.proxmox.com/wiki/OATH(TOTP)_Authentication Any feedback is welcome.
  16. [SOLVED] Proxmox secure firewall?

    Loving Proxmox at the moment. I wondered how good the Proxmox built in firewall was in a securing VMs/LXcs sense compared to virtualizing something like pfSense as either a VM or LXC. I'd appreciate users mileage on this one. I know that pfSense is a dedicated firewall application and so has...
  17. Mirroring incoming/outgoing traffic to a ntopng (security analysis) VM on same node - best practices

    Hi, I'm setting up a single Proxmox node with multiple Windows VMs. The physical server has multiple onboard NICs (i.e. on the motherboard). I'd like to use ntopng to monitor all incoming/outgoing traffic from those Windows VMs. Ideally, I'd like to run a Linux instance with ntopng on the...
  18. Wiki improvement: Web Interface via Nginx Proxy

    Hi, I propose that these lines are added to the article here in order to fix the boot order of the services. Otherwise nginx won't come up correctly after reboot because the certificate files are not available before pve-cluster service was started. sed -i...
  19. LXC: Disabled dmesg, syslog still sees kernel messages

    Hi! I put syslog errno 1 line into the /usr/share/lxc/config/common.seccomp file and it does perfect job preventing containers to see what's in dmesg: # dmesg dmesg: read kernel buffer failed: Operation not permitted but i had recently found, that the kernel messages are getting to syslog, so...
  20. hakim

    How to mitigate the impact of a compromised cluster node ?

    Hi, In a cluster, every nodes can access each other with root privileges. Therefore, if one node get compromised all other are also compromised. Is there a way to mitigate the impact of a compromised cluster node on the other nodes ? A way to maybe only give an elevation of privilege to the...

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!