IDS/malware solution

Rickb

Jan 16, 2024
After the webinar this morning on the VMware/Broadcom cluster of changes, we are now actively looking for a new platform to get off VMware ASAP.

We have been testing Proxmox since the announcement at the beginning of the year, and we are finding that Proxmox should be able to give us what we need. The one item is going to be the loss of NSX, which has the advanced router and the IDS system. Does anyone have any input on an IDS system for Proxmox? We might be able to work around the router needs, but the IDS is important to us.

Thx!
 
PVE is based on a Debian 12 userland with a custom Ubuntu LTS kernel, so open source IDS software with Debian support should work on the PVE host too. Something like Wazuh, Suricata and so on.
 
I'm using Suricata in production; it works fine.

You can also use CrowdSec
https://www.crowdsec.net/

to improve the firewall (parsing pve-firewall for a dynamic blacklist, blocking port scans, etc.) or even add a CrowdSec agent in your VMs for layer 7 inspection and block at the pve-firewall level.
 
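To make the "parse pve-firewall for a dynamic blacklist, block port scans" idea from the reply above concrete, here is an added example (not CrowdSec's code and not from the original post): it parses netfilter-style `KEY=VALUE` fields out of constructed log lines that approximate the `/var/log/pve-firewall.log` layout, and flags a source as a port scanner when it gets dropped on many distinct destination ports within a short window. The line layout, the window and the threshold are assumptions; the resulting IP list is what you would feed into a pve-firewall IPSet.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample entries; the layout "<vmid> <rule> <seq> <timestamp> <action>: <fields>"
# is an approximation of pve-firewall.log, not copied from a real host.
SAMPLE_LOG = """\
0 5 - 16/Jan/2024:10:00:01 +0100 policy DROP: IN=vmbr0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22
0 5 - 16/Jan/2024:10:00:02 +0100 policy DROP: IN=vmbr0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23
0 5 - 16/Jan/2024:10:00:02 +0100 policy DROP: IN=vmbr0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=80
0 5 - 16/Jan/2024:10:00:03 +0100 policy DROP: IN=vmbr0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=443
0 5 - 16/Jan/2024:10:00:04 +0100 policy DROP: IN=vmbr0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=3389
0 5 - 16/Jan/2024:10:00:05 +0100 policy DROP: IN=vmbr0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=8006
0 5 - 16/Jan/2024:10:00:06 +0100 policy DROP: IN=vmbr0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22
0 5 - 16/Jan/2024:10:00:07 +0100 policy DROP: IN=vmbr0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22
0 5 - 16/Jan/2024:10:00:08 +0100 policy DROP: IN=vmbr0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=42000 DPT=80
100 3 - 16/Jan/2024:10:00:09 +0100 ACCEPT: IN=vmbr0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=42001 DPT=443
"""

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (?P<ts>\S+ [+-]\d{4}) (?P<action>[^:]+): (?P<fields>.*)$')

def parse_line(line):
    """Return {'ts', 'action', 'src', 'dpt'} for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = dict(re.findall(r'(\w+)=(\S*)', m.group('fields')))  # handles empty values like OUT=
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    return {'ts': ts, 'action': m.group('action'), 'src': fields.get('SRC'), 'dpt': fields.get('DPT')}

def detect_port_scans(lines, window=timedelta(seconds=10), min_ports=5):
    """Map each source that was DROPped on >= min_ports distinct destination ports
    inside any `window`-long span to the sorted list of ports it probed."""
    events = defaultdict(list)  # src -> [(timestamp, dport)]
    for line in lines:
        ev = parse_line(line)
        if ev and ev['src'] and ev['dpt'] and 'DROP' in ev['action']:  # accepted traffic is not evidence
            events[ev['src']].append((ev['ts'], int(ev['dpt'])))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):  # slide the window start over each event
            ports = {p for t, p in evs[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged

def blocklist(lines, **kw):
    """Sorted source IPs to push into a pve-firewall IPSet (dynamic blacklist)."""
    return sorted(detect_port_scans(lines, **kw))
```

Tune `window` and `min_ports` against your own drop volume before acting on the list; a repeated hit on a single port (like the 198.51.100.5 lines) is deliberately not treated as a scan.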
Thanks everyone. I am looking into these.

A couple of follow-up questions.

Do both Suricata and CrowdSec have to be installed on each Proxmox host of the cluster(s)?
Do both only protect at the VM level after you enable them on the VM manually?
Seems like CrowdSec might do a better job at blocking (IDP)?
 
