security

  1. C

    A lot more Kernel Vulnerabilities (Spectre V2, DoS of Hypervisor from KVMs, etc.)

    Hi, seems like Dirty Pipe wasn't the only vulnerability keeping us busy this week. I got notified about these new Security Advisories from Debian: https://www.debian.org/security/2022/dsa-5095 https://www.debian.org/security/2022/dsa-5096 I know Proxmox uses a modified Ubuntu Kernel but I was...
  2. P

    DirtyPipe (CVE-2022-0847) fix for Proxmox VE

    Dear Proxmox Team, as of today a new security issue was published which also affects the kernels available for Proxmox 7. It is dubbed dirtypipe and seems to allow privilege escalations on affected systems. All details can be found here: https://dirtypipe.cm4all.com/ I checked on my Proxmox...
  3. H

    can core_pattern be modified from privileged CT?

    I've just found this: https://pwning.systems/posts/escaping-containers-for-fun/ They simply set /proc/sys/kernel/core_pattern to execute a user-provided binary in host context by triggering a coredump inside of a privileged Docker container. Can this be done with privileged CTs on Proxmox? Or is...
  4. P

    Securing web interface access

    Good evening everyone, I am currently setting up my new Proxmox host. The host is located in a provider's data center. Unfortunately I currently have no way to put the host behind a firewall etc., and I am trying to secure access to the host as well as possible...
  5. W

    Proxmox Secure Communications Configuration

    This may end up being quite a loaded question but… What would be the best/easiest way to setup SSL/secure communication for the WHOLE server including all VMs and Containers? Is it possible to have local/LAN access ONLY, with remote access only available via a VPN/tunnel? Would it be possible...
  6. B

    Spectre / meltdown / ... mitigations: Host OS, VM-CPU, VM-OS, ...

    Hi, I have a question regarding required mitigation measures against spectre / meltdown / ... on different levels, i.e. what is needed where. As I understand it, already the host OS - Debian contains mitigations according to lscpu output: Vulnerability Itlb multihit: Not affected...
  7. D

    [SOLVED] Security vulnerability in the kernel CVE-2021-33909

    Hello everyone, following the report of a security vulnerability in the Linux kernel we patched all our servers, but it is now unclear from which version onward the PVE kernel is no longer vulnerable. Do you have information on that? Unfortunately I couldn't find anything via Google... Our PMGs are...
  8. F

    Securing Proxmox

    Hello everyone, I am new to the world of Proxmox and therefore also new here in the forum. I am currently in the 3rd year of my apprenticeship as a systems integrator, and for about half a year I have been renting a server from a hosting provider. On the server I simply experiment a bit...
  9. B

    [SOLVED] Viewing Failed Login attempts

    Hi everyone. Can someone point me in the direction of a log that records logins to the PMG interface (failed and successful)? Hoping it also records the IP address of the login attempts. Thanks!!
  10. L

    Security Onion

    Hello, is it possible to mirror the network traffic of 1 virtual port in Proxmox without tc? vmbr0 --> 6 virtual ports (important ens33, ens18). I want to mirror ens33 to ens18 so that the Security Onion can only see her traffic. Is that possible without tc, because tc is not working for me? Greets
  11. G

    Weird backup file names on external drive

    Hi, I just checked an external backup and found these weird file names on it. Some 'Chinese' relation? I'm not able to change them. I'm backing up the same files on two other different devices. They don't have the same issues. So is it a security issue or is it a device issue?
  12. M

    Setting up NIDS in VE, where to put it in the architecture and how to redirect all traffic from/to Snort/Suricata

    Hello all, I want to deploy Snort in my VE, but I wonder what is the best approach to do that. First idea is to deploy a VM with Snort or something similar like Suricata, but the real problem is ... how to redirect all traffic from NIC, VE from/to Snort. I imagine it like this: vmbrX <-->...
  13. B

    what could be a good pattern for hardening Proxmox and setting up the network?

    I am looking for some guidance to make my installation of Proxmox more "secure" and resilient. I have a cluster of 3 machines with each 2 10G ports. Storage is managed via a NAS connected through a 10 GB port (it also has 2 1GB ports). All the machines are connected to a 10G switch. I have...
  14. B

    how to secure Proxmox installation

    Hi all, so I have a Proxmox cluster at home and I would like to make its installation more secure. I put the Proxmox cluster in a DMZ, and have the office network behind another firewall using NAT. What would be the best way to allow access to the Proxmox cluster resources securely and only...
  15. D

    New Proxmox deploy - is this the way to go with disks?

    Hey guys, I am building my first production Proxmox - not my first virt mind you, but costs are astronomical with 'other' virtualization options. Anyway. I have specific needs and a specific setup - regarding the setup, let's leave that. My question is this - from your experience - is this...
  16. D

    Hundreds of usernames, IP addresses, and ports in the Syslog

    We are currently setting up our servers. I recently checked the Syslog and see several hundred usernames, IP addresses and ports. Is this normal?
  17. R

    Proxmox behind Virtual-FW and DMZ-Zone

    Hi all, as of today I'm running some Raspberry Pis at home providing some services (Nextcloud, mail server etc.) for me and a few friends (we're running an "art/draw club"). Since I was able to get an old workstation from work and I didn't really care about security back when I was setting the...
  18. Proxygen

    [SOLVED] RKhunter /dev warnings

    On PVE 6, I've installed rkhunter and ran --propupd, but it sends me every day: Warning: Suspicious file types found in /dev: /dev/shm/qb-1800-10101-29-di6DkD/qb-event-pve2-data: Hitachi SH big-endian COFF object file, not stripped, 0 section...
  19. Proxygen

    QEMU VM Escape (CVE-2019-14378)

    I understand the problem is deeper down the stack, but is there anything we can do to mitigate this vuln? https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/
  20. M

    Proxmox on remote server: security best practices?

    Hi, I'm considering switching my current 'cloud' VPS setup to a dedicated server (e.g. Hetzner) with Proxmox running 2-3 VMs. Currently I'm only running Proxmox in my homelab, which works great but obviously has other security requirements than a remote setup. Are there any pointers to best...
