PCI-DSS Compliance

Voyaller

Member
Nov 15, 2020
Hello,

We need to be compliant with PCI-DSS.

Systems hardening and vulnerability appeasements are a big part of the process.

In the past I've used my trusted CIS Benchmarks to harden various new deployments of different systems.

I have some considerations with Proxmox and the hardening process before I jump into the lab, one of them being the root account that we most likely have to disable.
Proxmox is a Debian OS with a lot more additional components on top of it. I'm afraid that if I start to harden the system it will stop functioning the way it should.

I'm opening this thread in order to gather information and experiences from other people in a similar situation.
 
Have no experience with PCI-DSS, but does "disabling root account" mean "no root account in the system" or "create another username with the same functionality as root"? The latter may allow you just to rename the "root" user. I just can't imagine how to maintain a rootless system.

Besides that, most Proxmox services run as root and SSH passwordless login is set up among nodes in a cluster for their root user, so simply disabling root will indeed break Proxmox.
 
su
"no root account in the system"

-> it's impossible ;)

PCI-DSS just says: you can't log in directly with the root account; you need a personal login for each person for traceability, plus sudo if needed.

Disabling SSH login with password in sshd_config should be enough for Proxmox root actions.
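
A read-only check for the sshd_config setup discussed in this thread, added here as an example and not posted by any participant. The function names `sshd_value` and `root_ssh_ok` are hypothetical, and the fallback values assume stock OpenSSH defaults (`PermitRootLogin prohibit-password`, `PasswordAuthentication yes`).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the first global value of a keyword, lowercased. sshd keeps the first
# value it reads; Match blocks are skipped and Include files are not followed,
# so on a live host compare the result with the output of `sshd -T`.
sshd_value() {
    awk -v key="$2" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # comments, key=value form
        tolower($1) == "match" { exit }                # global section ends here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Return 0 when root can still log in with a key (the cluster's node-to-node
# SSH described in the thread) but not with a password.
# Keyboard-interactive authentication is not evaluated here.
root_ssh_ok() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1"; return 2; }
    prl=$(sshd_value "$1" PermitRootLogin)
    pwa=$(sshd_value "$1" PasswordAuthentication)
    prl=${prl:-prohibit-password}   # OpenSSH default when the keyword is absent
    pwa=${pwa:-yes}                 # OpenSSH default when the keyword is absent
    case "$prl" in
        prohibit-password|without-password)
            echo "OK: root is limited to key-based login"; return 0 ;;
        yes)
            if [ "$pwa" = no ]; then
                echo "OK: password logins are off for all accounts"; return 0
            fi
            echo "FAIL: root can log in with a password"; return 1 ;;
        no)
            echo "FAIL: root SSH is off; cluster SSH between nodes would break"
            return 1 ;;
        *)
            echo "REVIEW: PermitRootLogin $prl"; return 2 ;;
    esac
}

# Usage: sh check.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then root_ssh_ok "$1"; fi
```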
 