I am running CSF firewall on the HW node and it has a checkup script which does some checks and suggest some solutions.
Those checks are primarily designed for a common LAMP server and not for PROXMOX, however this is a question to the staff:
Will those suggestions break something if I implement them?
Suggestions:
No4 is really strange as I don't have DNS server running! Unless something is there which it shoudn't.
Comments?
Those checks are primarily designed for a common LAMP server and not for PROXMOX, however this is a question to the staff:
Will those suggestions break something if I implement them?
Suggestions:
- WARNING /var/tmp should either be symlinked to /tmp or mounted as a filesystem
- WARNING /tmp should be mounted as a separate filesystem with the noexec,nosuid options set
- WARNING /dev/shm is not mounted with the noexec,nosuid options (currently: nosuid). You should modify the mountpoint in /etc/fstab for /dev/shm with those options and remount
- WARNING You have a local DNS server running but do not appear to have any recursion restrictions set. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only
No4 is really strange as I don't have DNS server running! Unless something is there which it shoudn't.
Comments?