security

  1. onlime

    Ping with unprivileged user in LXC container / Linux capabilities

    On Proxmox VE 5.1, inside an LXC container, I cannot ping with unprivileged user. It gives me the following error: $ ping google.ch ping: socket: Operation not permitted On the hostnode itself I can ping with both unprivileged user and root, but inside an LXC container only as root. The...
  2. Y

    Frage zu Container und "Unprivileged"

    Hallo, eine Frage zu dem Thema "Unprivileged Container". Bei einem Unpriviligiertem Container werden ja die UID umgemappt, um die Sicherheit zu erhöhen. Damit ist wenn jemand aus dem Container ausbricht, er "nur" mit Nutzerrechten unterwegs. So weit so gut. Wenn ich aber nun mehrere Container...
  3. D

    Two Factor Authentication For Proxmox

    Hi everybody, I'm trying to add two factor authentication for the proxmox login for extra security. I having hard time finding a tutorial and the documentation is not very clear. Anyone Can help me set it up ?
  4. BelCloud

    QEMU update. reboot?

    Hello I've seen some vulnerabilities in qemu-kvm, that were recently patched. For ex, CVE-2017-7980 In the redhat announcements, i saw they require a stop of all VMs for the update to take effect. Do we need to follow the same procedure when proxmox updates the qemu? Or it's patched in...
  5. M

    Critical security bug in NoVNC console

    Today, I was editing a product in WHMCS, and by "mistake" I saved the order with the "Server:" selected as another node, that it should really be. What happened after was horrible, because the user opened his console, and the was connected to another VM on another NODE, seeing the whole...
  6. M

    Suricata IDS not getting external requests

    Hello, I managed to correctly configure the firewall with Proxmox 4.4 and its integration with Suricata (using this wiki page : https://pve.proxmox.com/wiki/Firewall#_tips_and_tricks). I enabled the HTTP log in Suricata, but I only see inter-vm communications, and not the incoming requests...
  7. G

    SSH TFA blockt Console

    Hallo zusammen, ich habe folgendes Problem: Ich nutze eine TFA mit OTPs sowohl in der Webgui als auch für SSH. Mir ist dann aufgefallen, dass der Zugriff auf die VM Console nicht mehr funktioniert, wenn diese auf einem anderen Server liegt. Heißt ich bin auf Server 1 angemeldet und möchte auf...
  8. A

    containers displaying all storage on host

    I've been playing with containers on my lab cluster, and I noticed that containers can see ALL storage attached to the host by simply checking lsblk, either with priviledged or unpriviledged containers. Is this the correct behavior? if so, how can I go about masking the host's storage from the...
  9. Y

    Suricata Testing

    Hello, i'm testing Suricata as IDS (not IPS).... i have installed all the stuff and i have configured a single VPS debian LXC with LAMP. How can i test if suricata works ? I have tested a query string on the VPS like this...
  10. M

    Ways to pass a user Authentication token??

    .no.help.here. (EDIT)
  11. onlime

    CVE-2016-5195 Dirty COW

    Can you give us a time frame when kernel 4.4.19-1-pve (latest available AFAIK) is going to be patched for CVE-2016-5195 / Dirty COW ?
  12. M

    LXC privilege level?

    I'm up and running with PVE v4.1, and I rather like it so far. However, I ran into a little security snag with LXC today, and that made med start to dig a bit more into LXC security, but first the problem that triggered it all. The problem is that you can view the complete output of the host...
  13. Y

    Security Problem server Violated

    Hello, i have several server violated, root escaletion. Some details: ---------------------------------------------------------------- root@prx:/home/enrico# lsof -p 361304 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME 503 361304 root cwd DIR 0,25 4096...
  14. JonathanB19

    Warning about public portmapper on PVE host

    Sorry if this has been mentioned before but I can't initially find anything. Just got a warning from my ISP about this: The folks at shadowserver security group are reporting open portmapper hosts to us, these need to get fixed as they can be used in amplification denial of service attacks...

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!