Cyber Monitoring tools on ProxMox host?

voidindigo

Hello all,

My company is requiring installation of cybersecurity monitoring tools on our Linux systems, and there's been some question about the ProxMox servers I'm running. Currently I'm running two hosts in a cluster; I believe we're still at v5, but they are down at the moment. I don't have a problem upgrading them to v8 (probably a "backup / rebuild cluster / restore" kind of thing) as needed.

My question is, has anyone got experience running something like Carbon Black or CrowdStrike Falcon Server on the ProxMox host OS itself? Is that even possible?

Thanks
Scott
 
I would not install any security tools on V5 PVE, which was based on Debian 9/Stretch. PVE5 was EoL 07/2020 and the underlying OS since 6/30/2022.
If you can even get a package for Deb9 from one of the modern providers, you risk being walked out of the building along with the servers :)

Jokes aside, after you reinstall or upgrade to PVE8, you should have no issues installing the appropriate Debian client. There may be many "false positives", depending on the vendor. Just keep in mind to treat PVE as an appliance rather than a standard multi-user Linux install.


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
Thanks for the reply, I had a pretty strong feeling it would require at least the upgrade before installing... I know it's a modified kernel, just wanted to know if there were any gotchas to be aware of.
 
It's a Debian base with an Ubuntu-derived kernel: https://pve.proxmox.com/wiki/Proxmox_VE_Kernel#Proxmox_VE_8.x
You can find additions and patches here: https://github.com/proxmox/pve-kernel

There will be extra open ports, there will be a root account that can't be disabled; I wouldn't call these "gotchas". Normal appliance artifacts.
Throw PVE in a VM of your corporate Hypervisor and run the scan there if you want to preview the results.


Just FYI (anyone else that finds this) I did manage to back up the 5.X cluster and rebuild / restore an 8.0.3 cluster, then install both Carbon Black and CrowdStrike Falcon Server on the ProxMox hosts... and it's all running great.
 