is it possible to mirror the network traffic of 1 virtual port in proxmox without tc?
vmbr0 --> 6 virtual ports (important ens33, ens18)
i want to mirror ens33 to ens18 that the Security Onion can only see her traffic is that possible without tc because tc not working for me
I just checked an external backup and found these weird file names on it. Some 'Chinese' relation?
I'm not able to change them. I'm backing up the same files on two other different devices. They don't have the same issues. So is it a security issue or is it a device issue?
I want deploy snort in my VE, but i wounder what is the beast approach to do that. First idea is deploy vm with snort or something similar like suricata, but the real problem is ... how to redirect all traffic from NIC, VE from/to snort.
I imagine it like this:
I am looking for somt guidance to make my installation of proxmox more "secure" and resilient .
I have a cluster of 3 machines with each 2 10G ports.
Storage is managed via a NAS connected through a 10 GB port (it also has 2 1GB port)
All the machines are connected to a 10G switch
So I have a proxmox cluster at home and I would like to make its installation more secure. I put the proxmox cluster in a DMZ, and have the Office network behind another firewall using NAT. What would be the best way to allow the access to the proxmox cluster resources securely and only...
I am building my first production Proxmox - not my first virt mind you, but costs are astronomical with 'other' virtualization options. Anyway.
I have specific needs and specific setup - regarding the setup, lets leave that. My question is this - from your experience - is this...
As of today I'm running some Raspberry Pi's at home providing some services (nextcloud, mailserver etc.) for me and a few friends(we're running a "art/draw club"). Since I was able to get an old workstation from work and I didn't really cared about security back when I was setting the...
On PVE 6, I've installed rkhunter and ran --propudp, but it sends me every day:
Warning: Suspicious file types found in /dev:
/dev/shm/qb-1800-10101-29-di6DkD/qb-event-pve2-data: Hitachi SH big-endian COFF object file, not stripped, 0 section...
I'm considering switching my current 'cloud' VPS setup to a dedicated server (e.g. Hetzner) with Proxmox running 2-3 VMs. Currently I'm only running Proxmox in my homelab, which works great but obviously has other security requirements than a remote setup.
Are there any pointers to best...
For some reasons irrelevant to explain, I used to connect to VMs with an external VNC Viewer (TigerVNC), by setting up inetd.conf on the server.
Until PVE 5.1 everything worked fine.
I just set up a 5.4 server, and now vncviewer only prompts for password, not for username.
It seems PVE...
For traceability reasons, I would like to retrieve the security events of the the creation, modification and deletion of users. The same goes for firewall rules.
Do you know if it is possible to make the logs more verbose on these two points?
I have used the Microsoft Authenticator for quiet a long time. Now I've purchased a U2F-Key, because I don't want to have to go to the other side of the room to grab my phone, unlock it, open Authenticator, log in again, read the code and type it in. Also I want to be able to...
Loving Proxmox at the moment. I wondered how good the Proxmox built in firewall was in a securing VMs/LXcs sense compared to virtualizing something like pfSense as either a VM or LXC.
I'd appreciate users mileage on this one. I know that pfSense is a dedicated firewall application and so has...
I'm setting up a single Proxmox node with multiple Windows VMs. The physical server has multiple onboard NICs (i.e. on the motherboard).
I'd like to use ntopng to monitor all incoming/outgoing traffic from those Windows VMs.
Ideally, I'd like to run a Linux instance with ntopng on the...
I propose that these lines are added to the article here in order to fix the boot order of the services. Otherwise nginx won't come up correctly after reboot because the certificate files are not available before pve-cluster service was started.
I put syslog errno 1 line into the /usr/share/lxc/config/common.seccomp file and it does perfect job preventing containers to see what's in dmesg:
dmesg: read kernel buffer failed: Operation not permitted
but i had recently found, that the kernel messages are getting to syslog, so...
In a cluster, every nodes can access each other with root privileges. Therefore, if one node get compromised all other are also compromised.
Is there a way to mitigate the impact of a compromised cluster node on the other nodes ?
A way to maybe only give an elevation of privilege to the...