So I have a Proxmox cluster at home and I would like to make its installation more secure. I put the Proxmox cluster in a DMZ, and have the Office network behind another firewall using NAT. What would be the best way to allow access to the Proxmox cluster resources securely and only...
I am building my first production Proxmox - not my first virt mind you, but costs are astronomical with 'other' virtualization options. Anyway.
I have specific needs and a specific setup - regarding the setup, let's leave that. My question is this - from your experience - is this...
As of today I'm running some Raspberry Pis at home providing some services (Nextcloud, mail server etc.) for me and a few friends (we're running an "art/draw club"). Since I was able to get an old workstation from work and I didn't really care about security back when I was setting the...
On PVE 6, I've installed rkhunter and ran --propupd, but it sends me every day:
Warning: Suspicious file types found in /dev:
/dev/shm/qb-1800-10101-29-di6DkD/qb-event-pve2-data: Hitachi SH big-endian COFF object file, not stripped, 0 section...
I'm considering switching my current 'cloud' VPS setup to a dedicated server (e.g. Hetzner) with Proxmox running 2-3 VMs. Currently I'm only running Proxmox in my homelab, which works great but obviously has other security requirements than a remote setup.
Are there any pointers to best...
For some reasons irrelevant to explain, I used to connect to VMs with an external VNC Viewer (TigerVNC), by setting up inetd.conf on the server.
Until PVE 5.1 everything worked fine.
I just set up a 5.4 server, and now vncviewer only prompts for password, not for username.
It seems PVE...
For traceability reasons, I would like to retrieve the security events of the creation, modification and deletion of users. The same goes for firewall rules.
Do you know if it is possible to make the logs more verbose on these two points?
I have used the Microsoft Authenticator for quite a long time. Now I've purchased a U2F key, because I don't want to have to go to the other side of the room to grab my phone, unlock it, open Authenticator, log in again, read the code and type it in. Also I want to be able to...
Loving Proxmox at the moment. I wondered how good the Proxmox built-in firewall was in a securing VMs/LXCs sense compared to virtualizing something like pfSense as either a VM or LXC.
I'd appreciate users' mileage on this one. I know that pfSense is a dedicated firewall application and so has...
I'm setting up a single Proxmox node with multiple Windows VMs. The physical server has multiple onboard NICs (i.e. on the motherboard).
I'd like to use ntopng to monitor all incoming/outgoing traffic from those Windows VMs.
Ideally, I'd like to run a Linux instance with ntopng on the...
I propose that these lines are added to the article here in order to fix the boot order of the services. Otherwise nginx won't come up correctly after reboot because the certificate files are not available before pve-cluster service was started.
I put the syslog errno 1 line into the /usr/share/lxc/config/common.seccomp file and it does a perfect job of preventing containers from seeing what's in dmesg:
dmesg: read kernel buffer failed: Operation not permitted
but I had recently found that the kernel messages are getting to syslog, so...
In a cluster, every node can access each other with root privileges. Therefore, if one node gets compromised, all others are also compromised.
Is there a way to mitigate the impact of a compromised cluster node on the other nodes?
A way to maybe only give an elevation of privilege to the...
On Proxmox VE 5.1, inside an LXC container, I cannot ping as an unprivileged user. It gives me the following error:
$ ping google.ch
ping: socket: Operation not permitted
On the host node itself I can ping as both an unprivileged user and root, but inside an LXC container only as root.
a question on the topic of "unprivileged containers". In an unprivileged container the UIDs are remapped to increase security. So if someone breaks out of the container, they are "only" running with user privileges. So far so good. But with multiple containers, if I now...
I'm trying to add two-factor authentication for the Proxmox login for extra security. I'm having a hard time finding a tutorial and the documentation is not very clear. Can anyone help me set it up?
I've seen some vulnerabilities in qemu-kvm that were recently patched.
For example, CVE-2017-7980
In the Red Hat announcements, I saw they require a stop of all VMs for the update to take effect.
Do we need to follow the same procedure when Proxmox updates the qemu? Or it's patched in...