Mirrors/ProxMenux
1
0
Fork 0
mirror of https://github.com/MacRimi/ProxMenux.git synced 2025-06-28 04:06:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update page.tsx

Browse Source
This commit is contained in:
MacRimi 2025-05-13 21:40:01 +02:00
parent ab8a952061
commit 20695a7c31
1 changed files with 93 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

156
web/app/docs/post-install/security/page.tsx
View File

@ -71,13 +71,13 @@ systemctl stop rpcbind
`} `}
/> />
<h3 className="text-xl font-semibold mt-16 mb-4 flex items-center"> <h3 className="text-xl font-semibold mt-16 mb-4 flex items-center">
<StepNumber number={2} /> <StepNumber number={2} />
Install Lynis Security Tool Install Lynis Security Tool
</h3> </h3>
<p className="mb-4"> <p className="mb-4">
Lynis is a comprehensive security auditing tool that analyzes your system, detects vulnerabilities, and provides recommendations for improving security. Lynis is a comprehensive security auditing tool that analyzes your system, detects vulnerabilities, and provides
recommendations for improving security.
</p> </p>
<p className="mb-4"> <p className="mb-4">
<strong>How it works:</strong> Lynis scans the system and evaluates various security parameters, including: <strong>How it works:</strong> Lynis scans the system and evaluates various security parameters, including:
@ -89,11 +89,26 @@ systemctl stop rpcbind
<li>File permissions and system integrity</li> <li>File permissions and system integrity</li>
<li>Malware detection and system hardening suggestions</li> <li>Malware detection and system hardening suggestions</li>
</ul> </ul>
<p className="text-lg mb-2">This adjustment automates the following command:</p> <p className="mb-4">
<strong>Installation method:</strong> ProxMenux now installs the latest version of Lynis directly from the
official GitHub repository to ensure you have the most up-to-date security scanning capabilities.
</p>
<p className="text-lg mb-2">This adjustment automates the following process:</p>
<CopyableCode <CopyableCode
code={` code={`
# Install Lynis # Install Git (if not already installed)
apt-get -y install lynis apt-get update -qq
apt-get install -y git
# Clone Lynis from GitHub
git clone https://github.com/CISOfy/lynis.git /opt/lynis
# Create wrapper script for easy execution
cat << 'EOF' > /usr/local/bin/lynis
#!/bin/bash
cd /opt/lynis && ./lynis "$@"
EOF
chmod +x /usr/local/bin/lynis
`} `}
/> />
<p className="text-lg mt-4">To run a system security audit, execute:</p> <p className="text-lg mt-4">To run a system security audit, execute:</p>
@ -103,46 +118,61 @@ apt-get -y install lynis
lynis audit system lynis audit system
`} `}
/> />
<p className="text-lg mt-4">To check the installed Lynis version:</p>
<CopyableCode
code={`
# Display Lynis version
lynis show version
`}
/>
<h3 className="text-xl font-semibold mt-16 mb-4 flex items-center">
<StepNumber number={3} />
Protect Web Interface with Fail2Ban
</h3>
<p className="mb-4">
Fail2Ban enhances security by monitoring login attempts and banning malicious IPs that attempt unauthorized
access.
</p>
<p className="mb-4">
<strong>How it works:</strong> Fail2Ban analyzes logs, detects repeated authentication failures, and
automatically bans the source IP address to prevent further attacks.
</p>
<ul className="list-disc pl-5 mb-4">
<li>Protects the Proxmox VE web interface from brute-force attacks</li>
<li>Prevents unauthorized SSH access by banning repeated failed login attempts</li>
<li>Automatically blocks malicious IPs to reduce attack vectors</li>
</ul>
<h3 className="text-xl font-semibold mt-16 mb-4 flex items-center"> <h4 className="text-lg font-semibold mt-4">Fail2Ban Configuration Overview</h4>
<StepNumber number={3} /> <p className="mb-4">Fail2Ban is configured with the following security policies:</p>
Protect Web Interface with Fail2Ban <ul className="list-disc pl-5 mb-4">
</h3> <li>
<p className="mb-4"> <strong>Ban Duration:</strong> 24 hours for SSH and 1 hour for Proxmox
Fail2Ban enhances security by monitoring login attempts and banning malicious IPs that attempt unauthorized access. </li>
</p> <li>
<p className="mb-4"> <strong>Max Retries:</strong> 2 failed attempts for SSH, 3 for Proxmox
<strong>How it works:</strong> Fail2Ban analyzes logs, detects repeated authentication failures, and automatically bans the source IP address to prevent further attacks. </li>
</p> <li>
<ul className="list-disc pl-5 mb-4"> <strong>Find Time:</strong> 30 minutes for SSH, 10 minutes for Proxmox
<li>Protects the Proxmox VE web interface from brute-force attacks</li> </li>
<li>Prevents unauthorized SSH access by banning repeated failed login attempts</li> <li>
<li>Automatically blocks malicious IPs to reduce attack vectors</li> <strong>Log Monitoring:</strong> <code>/var/log/auth.log</code> for SSH and <code>/var/log/daemon.log</code>{" "}
</ul> for Proxmox
</li>
</ul>
<h4 className="text-lg font-semibold mt-4">Fail2Ban Configuration Overview</h4> <p className="text-lg mb-2">This adjustment automates the following command:</p>
<p className="mb-4"> <CopyableCode
Fail2Ban is configured with the following security policies: code={`
</p>
<ul className="list-disc pl-5 mb-4">
<li><strong>Ban Duration:</strong> 24 hours for SSH and 1 hour for Proxmox</li>
<li><strong>Max Retries:</strong> 2 failed attempts for SSH, 3 for Proxmox</li>
<li><strong>Find Time:</strong> 30 minutes for SSH, 10 minutes for Proxmox</li>
<li><strong>Log Monitoring:</strong> <code>/var/log/auth.log</code> for SSH and <code>/var/log/daemon.log</code> for Proxmox</li>
</ul>
<p className="text-lg mb-2">This adjustment automates the following command:</p>
<CopyableCode
code={`
# Install Fail2Ban # Install Fail2Ban
apt-get -y install fail2ban apt-get -y install fail2ban
`} `}
/> />
<p className="text-lg mt-4"></p> <p className="text-lg mt-4"></p>
<CopyableCode <CopyableCode
code={` code={`
# Create the Fail2Ban filter for Proxmox # Create the Fail2Ban filter for Proxmox
cat <<EOF > /etc/fail2ban/filter.d/proxmox.conf cat <<EOF > /etc/fail2ban/filter.d/proxmox.conf
[Definition] [Definition]
@ -150,11 +180,11 @@ lynis audit system
ignoreregex = ignoreregex =
EOF EOF
`} `}
/> />
<p className="text-lg mt-4"></p> <p className="text-lg mt-4"></p>
<CopyableCode <CopyableCode
code={` code={`
# Create a jail configuration for Proxmox # Create a jail configuration for Proxmox
cat <<EOF > /etc/fail2ban/jail.d/proxmox.conf cat <<EOF > /etc/fail2ban/jail.d/proxmox.conf
[proxmox] [proxmox]
@ -167,11 +197,11 @@ lynis audit system
findtime = 600 findtime = 600
EOF EOF
`} `}
/> />
<p className="text-lg mt-4"></p> <p className="text-lg mt-4"></p>
<CopyableCode <CopyableCode
code={` code={`
# Configure general Fail2Ban settings # Configure general Fail2Ban settings
cat <<EOF > /etc/fail2ban/jail.local cat <<EOF > /etc/fail2ban/jail.local
[DEFAULT] [DEFAULT]
@ -190,20 +220,20 @@ lynis audit system
bantime = 32400 bantime = 32400
EOF EOF
`} `}
/> />
<p className="text-lg mt-4"></p> <p className="text-lg mt-4"></p>
<CopyableCode <CopyableCode
code={` code={`
# Enable and restart Fail2Ban # Enable and restart Fail2Ban
systemctl enable fail2ban systemctl enable fail2ban
systemctl restart fail2ban systemctl restart fail2ban
`} `}
/> />
<p className="text-lg mt-4">Check active Fail2Ban jails:</p> <p className="text-lg mt-4">Check active Fail2Ban jails:</p>
<CopyableCode <CopyableCode
code={` code={`
# Display Fail2Ban status # Display Fail2Ban status
fail2ban-client status fail2ban-client status
@ -213,22 +243,23 @@ lynis audit system
# Check status of SSH protection # Check status of SSH protection
fail2ban-client status ssh-iptables fail2ban-client status ssh-iptables
`} `}
/> />
<h4 className="text-lg font-semibold mt-4">Managing Fail2Ban</h4> <h4 className="text-lg font-semibold mt-4">Managing Fail2Ban</h4>
<p className="mb-4">You can manually unban an IP if needed:</p> <p className="mb-4">You can manually unban an IP if needed:</p>
<CopyableCode <CopyableCode
code={` code={`
# Unban an IP from SSH protection # Unban an IP from SSH protection
fail2ban-client set ssh-iptables unbanip <IP_ADDRESS> fail2ban-client set ssh-iptables unbanip <IP_ADDRESS>
# Unban an IP from Proxmox protection # Unban an IP from Proxmox protection
fail2ban-client set proxmox unbanip <IP_ADDRESS> fail2ban-client set proxmox unbanip <IP_ADDRESS>
`} `}
/> />
<p className="mt-4">Fail2Ban automatically protect your Proxmox VE and SSH access, reducing the risk of brute-force attacks.</p>
<p className="mt-4">
Fail2Ban automatically protect your Proxmox VE and SSH access, reducing the risk of brute-force attacks.
</p>
<section className="mt-12 p-4 bg-blue-100 rounded-md"> <section className="mt-12 p-4 bg-blue-100 rounded-md">
<h2 className="text-xl font-semibold mb-2">Automatic Application</h2> <h2 className="text-xl font-semibold mb-2">Automatic Application</h2>
@ -241,4 +272,3 @@ lynis audit system
</div> </div>
) )
} }