Security
Secure your SUDO command
As SUDO is the key to your entire system, you should consider making it secure by require login by 2FA and your password. We are using the Google Authenticator PAM module for this.
Security
Today security is more important than ever in the history of computing. Take it seriously and be prepared - a security breach is to happen any day. Hardening servers is the key to create secure environments where data is secure and systems work 24/7. Remember it's not if, but when.
Build
Warnings and Welcome Banners
A personalized SSH banner is fun. But also most companies have them. It is easy to do the banner. So follow this quick guide and you have one.
Install
Proxmox Security – Fail2ban
All servers should be protected against Brute Force Attacks. Fail2Ban may reduce the rate of incorrect authentication attempts, but it can't eliminate the risk presented by weak authentication.
Build
Proxmox New Install – Firewall
Security is very important, especially for home labs, we don't have the 24/7 IT-Security Staff to handle things. Several large attacks have recently been utilizing stolen credentials from home users. Yes, home labs are low-hanging fruit for hackers and especially wannabees.
Install
Proxmox New Install - SSH
As SSH is our mostly used tool, we need to make it safe.
Install
Admin users in Proxmox
We do not want to use root for everything, actually we can't allow it. We need admin groups and administration accounts. Furthermore, we need to segregate and use other users and groups with lesser privileges on our cluster and servers.
Install
Stop Brute Force Attacks
It's common practice to harden any server beyond the typical 60-70% state they are at end of installation. Fail2ban is one of the tools. As all a home lab is a prime target, we need to take extra steps to secure the servers we have, exposed and not exposed ones alike.
Install
SSH Logins
There is easy ways and there is smart ways. Today we take a look at the smart way. Usage of SSH-keygen and the config-file. Instead of typing: ssh [email protected] -p 12345, just type: ssh newwebsite.
News
SSH Changes
SSH-keygen changed default algorithm and fixed security issues.
Remote Access
SSH Tunneling
Configure SSH Tunnel (Port Forwarding) on macOS, Linux and Windows using OpenSSH. In this example, I will show how to tunnel an RDP connection traffic over OpenSSH.
Basics
What's on my Network
Do you know who's on your network? Set up a Network Intrusion Monitor and you know. Used Pi.Alert but found an alternative, WatchYourLAN with Telegram or something.
Basics
Monitoring
Proxmox monitoring using #influxdb and #grafana running in a LXC container. Monitoring is a key part of the security and hardening process.