From 44014aa2cd48a29e8a5f50865e3fb747a15591ba Mon Sep 17 00:00:00 2001
From: MacRimi <ricoextincion@gmail.com>
Date: Sun, 2 Mar 2025 01:14:53 +0100
Subject: [PATCH] Update

---
 .../docs/post-install/basic-settings/page.tsx |   8 +-
 web/app/docs/post-install/network/page.tsx    |  10 +-
 web/app/docs/post-install/security/page.tsx   | 150 +++++++++++++++++-
 web/app/docs/post-install/storage/page.tsx    |   6 +-
 web/app/docs/post-install/system/page.tsx     |  10 +-
 .../docs/post-install/virtualization/page.tsx |   6 +-
 6 files changed, 167 insertions(+), 23 deletions(-)

diff --git a/web/app/docs/post-install/basic-settings/page.tsx b/web/app/docs/post-install/basic-settings/page.tsx
index 4038290..100f88a 100644
--- a/web/app/docs/post-install/basic-settings/page.tsx
+++ b/web/app/docs/post-install/basic-settings/page.tsx
@@ -155,7 +155,7 @@ export default function BasicSettingsPage() {
           <strong>libguestfs-tools</strong>: A set of tools for accessing and modifying virtual machine disk images
         </li>
       </ul>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following command:</p>
+      <p className="text-lg mb-2">This adjustment automates the following command:</p>
       <CopyableCode
         code={`
 # Update package lists
@@ -183,7 +183,7 @@ sudo apt-get install -y libguestfs-tools
         improve the speed of package management operations. This is particularly useful in server environments where
         multiple language support is often not required.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following command:</p>
+      <p className="text-lg mb-2">This adjustment automates the following command:</p>
       <CopyableCode
         code={`
 # Configure APT to skip downloading additional languages
@@ -204,7 +204,7 @@ echo 'Acquire::Languages "none";' | sudo tee /etc/apt/apt.conf.d/99-disable-tran
         consistency, and proper functioning of time-sensitive applications. Automatic synchronization ensures your
         Proxmox VE system maintains the correct time without manual intervention.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following command:</p>
+      <p className="text-lg mb-2">This adjustment automates the following command:</p>
       <CopyableCode
         code={`
 # Note: To set timezone automatically based on IP, you can use:
@@ -229,7 +229,7 @@ sudo timedatectl set-timezone "$TIMEZONE"
         performance. This optimization ensures you have the latest patches and features, while also configuring the
         correct repositories for Proxmox VE, enabling access to necessary updates and tools.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following command:</p>
+      <p className="text-lg mb-2">This adjustment automates the following command:</p>
       <CopyableCode
         code={`
 # Disable enterprise Proxmox repository
diff --git a/web/app/docs/post-install/network/page.tsx b/web/app/docs/post-install/network/page.tsx
index eb89872..b13fbee 100644
--- a/web/app/docs/post-install/network/page.tsx
+++ b/web/app/docs/post-install/network/page.tsx
@@ -65,7 +65,7 @@ export default function NetworkSettingsPage() {
         latency, and enhance security. They adjust various kernel parameters related to networking, which is crucial in
         a virtualization environment where network performance directly impacts the performance of VMs and containers.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 cat <<EOF | sudo tee /etc/sysctl.d/99-network-performance.conf
@@ -130,7 +130,7 @@ sudo sysctl -p /etc/sysctl.d/99-network-performance.conf
         improving the speed of short-lived connections. These optimizations are particularly beneficial in virtualized
         environments where network performance is crucial for overall system responsiveness.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 echo "net.core.default_qdisc = fq" | sudo tee -a /etc/sysctl.d/99-tcp-bbr.conf
@@ -154,7 +154,7 @@ sudo sysctl -p /etc/sysctl.d/99-tcp-fastopen.conf
         is crucial for maintaining and updating your Proxmox VE system. It's particularly useful in networks where IPv6
         connectivity might be unreliable or not fully supported.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 echo 'Acquire::ForceIPv4 "true";' | sudo tee /etc/apt/apt.conf.d/99force-ipv4
@@ -172,7 +172,7 @@ echo 'Acquire::ForceIPv4 "true";' | sudo tee /etc/apt/apt.conf.d/99force-ipv4
         tagging and trunking, advanced traffic shaping, and Quality of Service (QoS) capabilities. This is particularly
         beneficial for complex virtualization setups where fine-grained control over network traffic is required.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 sudo apt-get update
@@ -196,7 +196,7 @@ sudo ovs-vsctl --version
         environments where multiple VMs and containers share network resources. Optimizations like increasing the TX
         queue length can help prevent packet drops under high load.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 # Replace eth0 with your actual interface name
diff --git a/web/app/docs/post-install/security/page.tsx b/web/app/docs/post-install/security/page.tsx
index f99c541..c4aa900 100644
--- a/web/app/docs/post-install/security/page.tsx
+++ b/web/app/docs/post-install/security/page.tsx
@@ -1,11 +1,41 @@
 import type { Metadata } from "next"
 import { Shield } from "lucide-react"
+import CopyableCode from "@/components/CopyableCode"
 
 export const metadata: Metadata = {
   title: "ProxMenux Post-Install: Security Settings",
   description:
-    "In-depth guide to Security Settings in the ProxMenux post-install script for enhancing Proxmox VE security measures and configurations.",
-  // ... (rest of the metadata remains the same)
+    "Comprehensive guide to Security Settings in the ProxMenux post-install script for enhancing Proxmox VE security.",
+  openGraph: {
+    title: "ProxMenux Post-Install: Security Settings",
+    description:
+      "Comprehensive guide to Security Settings in the ProxMenux post-install script for enhancing Proxmox VE security.",
+    type: "article",
+    url: "https://macrimi.github.io/ProxMenux/docs/post-install/security",
+    images: [
+      {
+        url: "https://macrimi.github.io/ProxMenux/security-settings-image.png",
+        width: 1200,
+        height: 630,
+        alt: "ProxMenux Post-Install Security Settings",
+      },
+    ],
+  },
+  twitter: {
+    card: "summary_large_image",
+    title: "ProxMenux Post-Install: Security Settings",
+    description:
+      "Comprehensive guide to Security Settings in the ProxMenux post-install script for enhancing Proxmox VE security.",
+    images: ["https://macrimi.github.io/ProxMenux/security-settings-image.png"],
+  },
+}
+
+function StepNumber({ number }: { number: number }) {
+  return (
+    <div className="inline-flex items-center justify-center w-8 h-8 mr-3 text-white bg-blue-500 rounded-full">
+      <span className="text-sm font-bold">{number}</span>
+    </div>
+  )
 }
 
 export default function SecuritySettingsPage() {
@@ -15,7 +45,121 @@ export default function SecuritySettingsPage() {
         <Shield className="h-8 w-8 mr-2 text-blue-500" />
         <h1 className="text-3xl font-bold">Security Settings</h1>
       </div>
-      {/* ... (rest of the component remains the same) */}
+      <p className="mb-4">
+        The <strong>Security Settings</strong> category focuses on enhancing the security of your Proxmox VE
+        installation. These settings are crucial for protecting your virtualization environment from potential threats
+        and unauthorized access.
+      </p>
+      <h2 className="text-2xl font-semibold mt-8 mb-4">Available Optimizations</h2>
+
+      <h3 className="text-xl font-semibold mt-16 mb-4 flex items-center">
+        <StepNumber number={1} />
+        Disable portmapper/rpcbind
+      </h3>
+      <p className="mb-4">This optimization disables the portmapper/rpcbind service for improved security.</p>
+      <p className="mb-4">
+        <strong>Why it's beneficial:</strong> Disabling unnecessary services like portmapper/rpcbind reduces the attack
+        surface of your system. This service is often not needed in modern environments and can be a potential security
+        risk if left enabled.
+      </p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
+      <CopyableCode
+        code={`
+# Disable and stop rpcbind
+systemctl disable rpcbind
+systemctl stop rpcbind
+      `}
+      />
+
+      <h3 className="text-xl font-semibold mt-16 mb-4 flex items-center">
+        <StepNumber number={2} />
+        Install Lynis Security Tool
+      </h3>
+      <p className="mb-4">
+        This optimization installs Lynis, a powerful security auditing tool for Unix-based systems.
+      </p>
+      <p className="mb-4">
+        <strong>Why it's beneficial:</strong> Lynis helps identify security vulnerabilities, configuration errors, and
+        provides recommendations for system hardening. Regular security audits with Lynis can significantly improve your
+        system's overall security posture.
+      </p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
+      <CopyableCode
+        code={`
+# Install Lynis
+apt-get -y install lynis
+      `}
+      />
+
+      <h3 className="text-xl font-semibold mt-16 mb-4 flex items-center">
+        <StepNumber number={3} />
+        Protect Web Interface with fail2ban
+      </h3>
+      <p className="mb-4">
+        This optimization installs and configures fail2ban to protect the Proxmox VE web interface from brute-force
+        attacks.
+      </p>
+      <p className="mb-4">
+        <strong>Why it's beneficial:</strong> fail2ban helps prevent unauthorized access attempts by temporarily banning
+        IP addresses that show malicious signs, such as too many password failures. This adds an extra layer of security
+        to your Proxmox VE web interface.
+      </p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
+      <CopyableCode
+        code={`
+# Install fail2ban
+apt-get -y install fail2ban
+
+# Configure Proxmox filter
+cat <<EOF > /etc/fail2ban/filter.d/proxmox.conf
+[Definition]
+failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
+ignoreregex =
+EOF
+
+# Configure Proxmox jail
+cat <<EOF > /etc/fail2ban/jail.d/proxmox.conf
+[proxmox]
+enabled = true
+port = https,http,8006,8007
+filter = proxmox
+logpath = /var/log/daemon.log
+maxretry = 3
+bantime = 3600
+findtime = 600
+EOF
+
+# Configure general fail2ban settings
+cat <<EOF > /etc/fail2ban/jail.local
+[DEFAULT]
+ignoreip = 127.0.0.1
+bantime = 86400
+maxretry = 2
+findtime = 1800
+[ssh-iptables]
+enabled = true
+filter = sshd
+action = iptables[name=SSH, port=ssh, protocol=tcp]
+logpath = /var/log/auth.log
+maxretry = 2
+findtime = 3600
+bantime = 32400
+EOF
+
+# Enable and restart fail2ban service
+systemctl enable fail2ban
+systemctl restart fail2ban
+      `}
+      />
+
+      <section className="mt-12 p-4 bg-blue-100 rounded-md">
+        <h2 className="text-xl font-semibold mb-2">Automatic Application</h2>
+        <p>
+          All of these optimizations are automatically applied when selected in the Security section. This automation
+          ensures that these beneficial settings are applied consistently and correctly, saving time and reducing the
+          potential for human error during manual configuration.
+        </p>
+      </section>
     </div>
   )
 }
diff --git a/web/app/docs/post-install/storage/page.tsx b/web/app/docs/post-install/storage/page.tsx
index 53b63d5..aa7bde2 100644
--- a/web/app/docs/post-install/storage/page.tsx
+++ b/web/app/docs/post-install/storage/page.tsx
@@ -64,7 +64,7 @@ export default function StorageSettingsPage() {
         operations and allow for more frequent backups, improving data protection. This is particularly important in
         environments with large amounts of data or tight backup windows.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 # Configure bandwidth limit
@@ -90,7 +90,7 @@ echo "ionice: 5" >> /etc/vzdump.conf
         point-in-time recovery, protecting against data loss or corruption. This is especially useful in virtualized
         environments where quick recovery options are crucial.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 # Install zfs-auto-snapshot
@@ -118,7 +118,7 @@ sed -i 's|--keep=[0-9]*|--keep=1|g' /etc/cron.monthly/zfs-auto-snapshot
         based on the system's resources, balancing between storage performance and leaving enough memory for other
         processes.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 # Calculate ZFS ARC sizes based on RAM
diff --git a/web/app/docs/post-install/system/page.tsx b/web/app/docs/post-install/system/page.tsx
index 3823834..2009c2a 100644
--- a/web/app/docs/post-install/system/page.tsx
+++ b/web/app/docs/post-install/system/page.tsx
@@ -65,7 +65,7 @@ export default function SystemSettingsPage() {
         updates. In a virtualization environment where multiple VMs might be running, minimizing host downtime is
         crucial for maintaining high availability and reducing disruption to services.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 sudo apt-get install -y kexec-tools
@@ -88,7 +88,7 @@ echo "alias reboot-quick='systemctl kexec'" >> ~/.bash_profile
         on its own. This is particularly crucial in remote or lights-out data center environments where immediate
         physical access might not be possible.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 echo "kernel.panic = 10" | sudo tee /etc/sysctl.d/99-kernelpanic.conf
@@ -112,7 +112,7 @@ sudo sysctl -p /etc/sysctl.d/99-kernelpanic.conf
         concurrent connections and file operations, which is crucial for busy servers hosting multiple VMs or
         containers.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 echo "fs.inotify.max_user_watches = 1048576" | sudo tee /etc/sysctl.d/99-maxwatches.conf
@@ -135,7 +135,7 @@ sudo sysctl -p
         space is often at a premium. Additionally, optimized logging reduces I/O operations, potentially improving
         overall system performance.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 echo "SystemMaxUse=64M" | sudo tee -a /etc/systemd/journald.conf
@@ -156,7 +156,7 @@ sudo systemctl restart systemd-journald
         memory allocation efficiency, and enhance overall system responsiveness. This is particularly beneficial for
         hosts running memory-intensive workloads or a high number of VMs.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 echo "vm.swappiness = 10" | sudo tee /etc/sysctl.d/99-memory.conf
diff --git a/web/app/docs/post-install/virtualization/page.tsx b/web/app/docs/post-install/virtualization/page.tsx
index c4f4906..76716a5 100644
--- a/web/app/docs/post-install/virtualization/page.tsx
+++ b/web/app/docs/post-install/virtualization/page.tsx
@@ -66,7 +66,7 @@ export default function VirtualizationSettingsPage() {
         such as GPU-accelerated workloads or network-intensive applications. It allows VMs to directly access hardware,
         bypassing the hypervisor, which significantly improves performance and reduces latency.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 # For Intel CPUs
@@ -123,7 +123,7 @@ sudo apt-get install -y virtualbox-guest-utils
         where many VMs run similar operating systems or applications. By reducing overall memory usage, KSM can improve
         system performance and allow for more efficient resource utilization.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 sudo apt-get install -y ksm-control-daemon
@@ -172,7 +172,7 @@ sudo systemctl restart cpufrequtils
         particularly beneficial for databases, in-memory caches, and other applications that manage large amounts of
         memory.
       </p>
-      <p className="text-lg font-semibold mb-2">This adjustment automates the following commands:</p>
+      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
       <CopyableCode
         code={`
 echo "vm.nr_hugepages = 1024" | sudo tee -a /etc/sysctl.conf