security

  1. S

    How secure are Proxmox network bridge interfaces

    Hello everyone, I am currently planning to build a malware analysis platform. It is meant to run in a total of 2 VMs on my production Proxmox hypervisor. (Yes, I know, not ideal, but in a small environment at home there is unfortunately no other way.) The 2 machines should, between each other...
  2. J

    Should an official Proxmox "Hardening" wiki page be created?

    As a general thought, I'm wondering if an official Proxmox Hardening wiki page would be useful? Maybe placed here or similar? https://pve.proxmox.com/wiki/Hardening Asking because hardening a server (or cluster thereof) isn't rocket science, but seems to be under documented apart from various...
  3. J

    A small script for connecting to SPICE client via ssh tunnel

    I'm currently working out the process of hardening a two node Proxmox cluster for internet facing deployment. As part of that I'm moving all ports (other than ssh) to internal network interfaces that aren't publicly accessible. ssh will have its own security configuration, not covered here...
  4. K

    authorized_keys file has unknown keys

    Hi, today I looked through /root/.ssh/authorized_keys and there were 3 keys: 1) ssh-rsa from root@pve 2) ssh-rsa from my desktop (from where I usually manage proxmox) 3) ssh-ed25519 from u0_a129@localhost Now, I recognize the 2nd key, but what about the 1st and 3rd keys? I read somewhere that...
  5. H

    Security Updates

    Hello everyone, I'm trying to learn about proper security procedure with proxmox. On my current server : root@server:~# hostnamectl Operating System: Debian GNU/Linux 12 (bookworm) Kernel: Linux 6.2.16-8-pve Architecture: x86-64 It seems 6.2.16 had gone EOL one year...
  6. G

    Proxmox + PBS security issues

    Scenario: - One machine with proxmox - Second machine with PBS VMs on proxmox machine are DELETED, all the VM data is wiped. After that, the proxmox machine is physically compromised. What to expect: no data leak What actually happens: - PBS encryption key is available in /etc/pve on the...
  7. T

    rpcbind

    in one of our (lazy infrequent) security scans we stumbled upon a running rpcbind. it seems that it was installed around 8.0.4. trying to remove it tells us that pve depends on it: The following packages will be REMOVED: libpve-guest-common-perl* libpve-storage-perl* nfs-common* proxmox-ve*...
  8. E

    Why is QDevice setup by PVE backwards?

    The pvecm qdevice setup requires an ssh connection to the QD, which is not there for "casting votes". As QDs are meant to be run externally, why is this not the other (natural) way around, i.e. generating script for one to execute on the QD, possibly provide the feature (as a perk) by calling...
  9. E

    Optimal home Network topology with Proxmox

    Dear all, I am trying to build a home server where I want to run a few services, such as Nextcloud, as LXC containers. I am relatively new to networking and before posting here I have read several pieces of documentation. Nevertheless, I still have doubts regarding the best setup for my use case...
  10. powersupport

    proxmox security hardening

    We will need to implement proxmox security hardening. May I know what are the available standards or methods to do proxmox hardening?
  11. G

    Firewall, migrations/SSH for ringX addresses when output is filtered?

    Hi, I noticed that if I set the OUTPUT policy to DROP, I need to add a few rules by default for SSH, migrations to work if I add another ringX address. Could it be that some rules that get set by default for INPUT may have been forgotten in output? I see the usual ports...
  12. H

    Proxmox 8 Login : Fail2Ban not working

    Hello everyone, I followed this guide : https://pve.proxmox.com/wiki/Fail2ban Then implemented all the attempts @ https://forum.proxmox.com/threads/pve-8-0-%E2%80%93-fail2ban-log-locations-missing.129338/ When I manually trigger the maxretrys nothing happens. When I run the test code provided...
  13. S

    Enforce webauthn on proxmox 8.0

    Hello, I was wondering why I can only choose Yubico and OATH/TOTP. I would like to enforce that all users are required to configure webauthn. Am I missing something, or is that option not available? Thanks for your help. Kind regards schaurian
  14. Novacom

    Proxmox VE - CVE reports - Security issues ?

    Hello! My SOC reported an issue on my newly installed v8 (in place upgrade) The SOC client (Covalence by Field Effect) was installed yesterday, just before 7to8 upgrade shellcheck v. 0.9.0-1 is installed on this host. CVE-2021-28794 - 9.8/10 The unofficial ShellCheck extension before 0.13.4...
  15. S

    Modified /root/pve_source for Mini PC router

    Hi, I've purchased a HUNSN mini PC like this one (amazon link) and installed Proxmox VE 7 on it and it seems to run fine so far. After trying to find a way of passing-through a M.2 Wifi/BT card (like this one, amazon link) to a debian VM, and not finding one, I reached out to the seller which...
  16. H

    Security notice from my Netgear Armor scan

    Hey all! Perhaps a bit of a beginner question here, especially on the security side. I got a notice for 2 vulnerabilities with open ssh version that is running on ProxMox. It is mentioning that OpenSSH_8.4p1 is vulnerable on CVE-2023-28531 and CVE-2008-3844. Interestingly I think both of...
  17. F

    First Steps setting-up Proxmox

    Hello guys, Last weekend I managed to install and setup my first home server with Proxmox. I have used an old desktop PC, boosted a bit the memory and successfully installed Proxmox VE. Everything seems to be working just fine and I am enjoying my setup. However, I may need help for few...
  18. G

    LXC, trust of default templates

    A friend starting into using Proxmox asked me a question today which I didn't offhand know the answer to and couldn't find a definitive answer on here. How do you know the LXC templates are trustworthy? LXC containers (as in the templates pulled down from pveam), I'm guessing they're pulled...
  19. V

    Achieving Isolation for Sec (vm->vm & vm->Hyper)

    Building proxmox box which will host 20+ VMs. Need to ensure that: 1. VMs cannot talk to hypervisor, but VMs can all reach the internet 2. VMs cannot talk to other VMs 3. VMs cannot read or write to other VMs 4. Need to ensure that VMs cannot read or write to hypervisor Purpose is to avoid...
  20. L

    Falco / proxmox / lxc

    Has anyone experimented with Falco driver in Proxmox / Linux kernel and using it to secure containers? Use Case: Running Falco on a Linux host or running Falco userspace program in a container, with a driver installed on the underlying host. https://falco.org/docs/getting-started/
