From: Lucas Gabriel Salvatierra
To: pve-user@lists.proxmox.com
Date: Fri, 27 Aug 2021 13:47:08 -0300
Subject: [PVE-User] CIS Benchmark Fails

Hello!

I have found the following CIS Benchmark fails on PVE:

2576 - Disable IPv6

Shouldn't PVE have IPv6 disabled by default, and only as an option for those who use it?

2578 - Ensure packet redirect sending is disabled
2579 - Ensure IP forwarding is disabled
2580 - Ensure source routed packets are not accepted
2581 - Ensure ICMP redirects are not accepted
2582 - Ensure secure ICMP redirects are not accepted

Furthermore, is packet redirecting required to be enabled by default? Wouldn't this potentially turn PVE into an attack vector?

Cheers
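
Added example, not part of the original message: a small audit function that shows which kernel parameters the checks listed above look at and reports the ones that deviate. The mapping from the check IDs quoted in the post to sysctl keys is an assumption inferred from the check titles, and the sample input is constructed, not taken from a PVE host.

```sh
# Added example (not from the post); the ID -> key mapping is an assumption
# inferred from the check titles. Reads `sysctl -a` style "key = value"
# lines on stdin, prints one line per deviation, exits 1 if any.
cis_net_audit() {
    awk '
    function rule(cid, k, v) { n++; id[n] = cid; key[n] = k; want[n] = v }
    BEGIN {
        rule("2576", "net.ipv6.conf.all.disable_ipv6", "1")
        rule("2578", "net.ipv4.conf.all.send_redirects", "0")
        rule("2578", "net.ipv4.conf.default.send_redirects", "0")
        rule("2579", "net.ipv4.ip_forward", "0")
        rule("2580", "net.ipv4.conf.all.accept_source_route", "0")
        rule("2580", "net.ipv4.conf.default.accept_source_route", "0")
        rule("2581", "net.ipv4.conf.all.accept_redirects", "0")
        rule("2581", "net.ipv4.conf.default.accept_redirects", "0")
        rule("2582", "net.ipv4.conf.all.secure_redirects", "0")
        rule("2582", "net.ipv4.conf.default.secure_redirects", "0")
    }
    /^[ \t]*[#;]/ { next }                      # skip sysctl.conf-style comments
    {
        eq = index($0, "=")
        if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        seen[k] = v                             # last assignment wins
    }
    END {
        for (i = 1; i <= n; i++) {
            got = (key[i] in seen) ? seen[key[i]] : "unset"
            if (got != want[i]) {
                printf "%s %s got=%s want=%s\n", id[i], key[i], got, want[i]
                bad = 1
            }
        }
        exit bad + 0
    }'
}
# Constructed sample input (not measured on a real PVE host).
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv6.conf.all.disable_ipv6 = 0'
printf '%s\n' "$SAMPLE_SYSCTL" | cis_net_audit || true
```

On a live host the same function can be fed with `sysctl -a 2>/dev/null | cis_net_audit`; a key the kernel does not report is shown as got=unset.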