1. powersupport

    proxmox security hardening

    We will need to implement proxmox security hardening. may I know what are the available standards or methods to do proxmox hardening?
  2. G

    Firewall, migrations/SSH for ringX addresses when output is filtered?

    Hi, I noticed that if I set the OUTPUT policy to DROP, I need to add a few rules by default for SSH, migrations to work if I add another ringX address. Could it be that some rules that gets set by default for INPUT may have been forgotten in output ? I see the usual ports...
  3. H

    Proxmox 8 Login : Fail2Ban not working

    Hello everyone, I followed this guide : Then implemented all the attempts @ When I manually trigger the maxretrys nothing happens. When I run the test code provided...
  4. S

    Enforce webauthn on proxmox 8.0

    Hello, i was wondering why only can choose Yubico and OATH/TOTP. I would like to enforce that all users are required to configure webauthn. Am i missing something, or is that option no available? Thank for your help. Kind regards schaurian
  5. Novacom

    Proxmox VE - CVE reports - Security issues ?

    Hello ! My SOC reported an issue on my newly installed v8 (in place upgrade) The SOC client (Covalence by Field Effet) was installed yesterday, just before 7to8 upgrade shellcheck v. 0.9.0-1 is installed on this host. CVE-2021-28794 - 9.8/10 The unofficial ShellCheck extension before 0.13.4...
  6. S

    Modified /root/pve_source for Mini PC router

    Hi, I've purchased a HUNSN mini PC like this one (amazon link) and installed Proxmox VE 7 on it and it seems to run fine so far. After trying to find a way of passing-through a M.2 Wifi/BT card (like this one, amazon link) to a debian VM, and not finding one, I reached out to the seller which...
  7. H

    Security notice from my Netgear Armor scan

    Hey all! Perhaps a bit of a beginner question here, especially on the security side. I got a notice for 2 vulnerabilities with open ssh version that is running on ProxMox. It is mentioning that OpenSSH_8.4p1 is vulnerable on CVE-2023-28531 and CVE-2008-3844. Interestingly I think both of...
  8. F

    First Steps setting-up Proxmox

    Hello guys, Last weekend I managed to install and setup my first home server with Proxmox. I have used an a old desktop PC, boosted a bit the memory and succsefully installed Proxmox VE. Everything seems to be working just fine and I am enjoying my setup. However, I may need help for few...
  9. G

    LXC, trust of default templates

    A friend starting into using Proxmox asked me a question today which I didn't offhand know the answer to and couldn't find a definitive answer on here. How do you know the LXC templates are trustworthy? LXC containers (as in the templates pulled down from pveam), I'm guessing they're pulled...
  10. V

    Achieving Isolation for Sec (vm->vm & vm->Hyper)

    Building proxmox box which will host 20+ VMs. Need to ensure that: 1. VMs cannot talk to hypervisor, but VMs can all reach the internet 2. VMs cannot talk to other VMs 3. VMs cannot read or write to other VMs 4. Need to ensure that VMs cannot read or write to hypervisor Purpose is to avoid...
  11. L

    Falco / proxmox / lxc

    Has anyone experimented with Falco driver in Proxmox / Linux kernel and using it to secure containers? Use Case: Running Falco on a Linux host or running Falco userspace program in a container, with a driver installed on the underlying host.
  12. M

    IPTables rules per guest VM

    Hi, After checking quite a few articles found here and on some other websites, it's still not clear for me how one can add custom IPTables rules for each VM. Checking the current host with just one VM at the moment I can see: -A tap100i0-IN -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A...
  13. Z

    Proxmox Private Vlan Feature

    I'm migrating from VMWare-ESX to Proxmox. Previously I managed to used Private vlan on vmware and enhanced security for my customers and also used /32 IP address per customer. now I am not able to find a solution for this case in Proxmox. cloud anyone guide, what they have done to increase L2...
  14. P

    NIC PCI-Passthrough

    Abend zusammen, Wie „sicher“ ist eigentlich PCI-Passthrough? Ich bin aktuell am überlegen folgende Konstellation zu bauen: 1 Host mit einer zusätzlichen Netzwerkkarte. Die Karte hat 2x 10G. Die beiden Ports sollen per PCI-Passthrough an eine Virtuelle OPNsense weiter gereicht werden. Hinter...
  15. K

    [SOLVED] Questions regarding encryption

    Hi, i got 2 questions to properly secure my data. The setup is one server running PVE an another server running PBS. All on premise. The VMs are stored on thin-provisioned LVMs that are encrypted using LUKS. The key is stored on a hardware token. I am really happy with that. Works great and...
  16. A

    Suspicious frequent logs

    Apr 03 10:19:59 pve sshd[12301]: Unable to negotiate with 61.**.1*2.174 port 60790: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 [preauth] Apr 03 09:56:19 pve sshd[9035]: Unable to negotiate with...
  17. C

    A lot more Kernel Vulnerabilities (Spectre V2, DoS of Hypervisor from KVMs, etc.)

    Hi, seems like Dirty Pipe wasn't the only vulnerability keeping us busy this week. I got notified about these new Security Advisories from Debian: I know Proxmox uses a modified Ubuntu Kernel but I was...
  18. P

    DirtyPipe (CVE-2022-0847) fix for Proxmox VE

    Dear Proxmox Team as of today a new security issue was published which also affects the kernels available for proxmox 7. it is dubbed dirtypipe and seems to allow privilege escalations on affected systems. all details can be found here: i checked on my proxmox...
  19. H

    can core_pattern be modified from privileged CT?

    i've just found this: They simply set /proc/sys/kernel/core_pattern to execute user provided binary in host context by triggering coredump inside of privileged docker container. Can this be done with privileged CTs on proxmox? Or is...
  20. P

    Webinterface Zugriff absichern

    Guten Abend zusammen, ich bin aktuell dabei mein neuen Proxmox Host einzurichten. Der Host steht bei einem Anbieter im Rechenzentrum. Ich habe leider aktuell keine Möglichkeit den Host hinter eine Firewall etc. zu hängen, und versuche den Zugriff auf den Host so gut wie möglich abzusichern...


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!