ProxMenux/web/messages/en/docs/security/index.json
MacRimi 5ca3463bf6 complete i18n migration to /[locale]/ with EN+ES content
Full rewrite of the docs site under app/[locale]/ with next-intl
in localePrefix:"always" mode. Every page now exists at both
/en/<path> and /es/<path>; the root / shows a meta-refresh + JS
redirect to /<defaultLocale>/ so GitHub Pages serves something
on the apex URL.

Highlights:
- 107 doc pages migrated to file-per-page JSON namespaces under
  messages/en/ and messages/es/. Spanish content is fully
  translated (no copy-of-English placeholders).
- New documentation for the Active Suppressions section in the
  Settings tab and the per-event Dismiss dropdown in the Health
  Monitor modal.
- New screenshots: dismiss-duration-dropdown.png and an updated
  health-suppression-settings.png.
- Pagefind integrated for client-side search; index is built on
  every CI deploy (not committed).
- RSS feeds: per-locale at /<locale>/rss.xml plus root /rss.xml
  for backward compat.
- Removed the dead app/[locale]/guides/[slug]/ route — every
  guide now has its own static page and no markdown source
  remains.
- Fixed orphan link /guides/nvidia -> /guides/nvidia-manual in
  docs/hardware/nvidia-host.
- Removed obsolete components (footer2, calendar, drawer).

Verified locally with `npm ci && npm run build`: 2804 files in
out/, 231 pages indexed by pagefind, root redirect intact, both
locale roots and the new Active Suppressions docs render OK.
2026-05-31 12:41:10 +02:00

71 lines
5.2 KiB
JSON
{
"meta": {
"title": "Proxmox Security — Fail2Ban, Lynis Hardening Audit | ProxMenux",
"description": "Two installable security tools for Proxmox VE: Fail2Ban (intrusion prevention for SSH, the Proxmox web UI and the ProxMenux Monitor) and Lynis (security audit and hardening scanner installed from upstream GitHub).",
"ogTitle": "Proxmox Security — Fail2Ban, Lynis Hardening Audit",
"ogDescription": "Fail2Ban and Lynis for Proxmox VE — intrusion prevention plus a hardening audit installed and managed by ProxMenux.",
"twitterTitle": "Proxmox Security | ProxMenux",
"twitterDescription": "Fail2Ban and Lynis for Proxmox VE — intrusion prevention and hardening audit."
},
"header": {
"title": "Security",
"description": "Two complementary security tools for Proxmox VE: an active defence (Fail2Ban — bans IPs that attack SSH or the web UIs) and an offline audit (Lynis — scans the system for hardening gaps and gives a 0–100 score). Both are installed and managed through their own dedicated menu, with detection of an existing install before any action.",
"section": "Security"
},
"intro": {
"title": "Active defence vs. offline audit",
"body": "These two tools answer different questions. <strong>Fail2Ban</strong> answers <em>\"is something attacking us right now?\"</em> by watching auth logs and banning offending IPs. <strong>Lynis</strong> answers <em>\"how hardened is this host?\"</em> by running a one-shot audit and printing concrete recommendations. Use both together: Lynis tells you what to fix, Fail2Ban handles the live abuse."
},
"opening": {
"heading": "Opening the menu",
"body": "From ProxMenux's main menu, select <strong>Security</strong>. You will see this:",
"imageAlt": "Security menu with Fail2Ban and Lynis options"
},
"pick": {
"heading": "Pick your tool",
"body": "The two security tools are independent — install either one, both, or neither. Each card below jumps to the section that explains the tool in detail."
},
"cards": {
"fail2ban": {
"title": "Fail2Ban",
"body": "Active intrusion prevention. Watches SSH and web UI auth logs and bans IPs after repeated failures.",
"bullets": [
"Three jails: SSH, Proxmox UI (8006), ProxMenux Monitor (8008)",
"Fixes Proxmox journald defaults that block auth logs",
"Auto-detects nftables / iptables",
"SSH hardening: MaxAuthTries=3 (Lynis recommendation)"
]
},
"lynis": {
"title": "Lynis",
"body": "Offline security auditor. Scans the host and prints a hardening score plus concrete remediation hints.",
"bullets": [
"Installed from upstream CISOfy GitHub (always latest)",
"Hardening score 0–100 + list of warnings and suggestions",
"Run-audit and update actions in-menu",
"Read-only by design — never changes the system"
]
}
},
"workflowTip": {
"title": "Workflow that uses both",
"body": "Run a Lynis audit first to see your starting score and the top recommendations. Apply the fixes you want. Then install Fail2Ban — it implements one of Lynis's most common recommendations (SSH brute-force protection) automatically, and adjusts <code>MaxAuthTries</code> in <code>sshd_config</code> to satisfy the SSH-7408 control. Re-run Lynis afterwards to confirm the score improved."
},
"fail2banSection": {
"heading": "Fail2Ban",
"body": "ProxMenux installs Fail2Ban with a configuration tuned for Proxmox specifically. Beyond the standard SSH jail, it adds protection for the Proxmox web UI and the ProxMenux Monitor, and works around two Proxmox-specific quirks: a journald default that drops auth events, and the systemd-backend issue that prevents Fail2Ban from reading certain journal sources reliably. The detail page covers the full install flow, the three jails, the journald fix, the SSH hardening change and the troubleshooting cheatsheet.",
"optionTitle": "Fail2Ban — install & manage",
"optionDescription": "Three pre-configured jails (sshd aggressive, Proxmox UI port 8006, ProxMenux Monitor port 8008 + reverse proxy), auto-detected nftables/iptables backend, journald fix and SSH MaxAuthTries hardening."
},
"lynisSection": {
"heading": "Lynis",
"body": "ProxMenux clones Lynis from <code>github.com/CISOfy/lynis</code> into <code>/opt/lynis</code> and exposes it as <code>/usr/local/bin/lynis</code>. The Debian package is intentionally avoided because it lags several major versions behind upstream. The detail page covers the install / audit / update / uninstall flow, how to read the report, and how to act on the findings.",
"optionTitle": "Lynis — install, audit & manage",
"optionDescription": "Installs the latest Lynis from the official CISOfy GitHub repo (not the older Debian package), runs system audits with hardening score, and updates via git pull."
},
"componentStatus": {
"heading": "Component status",
"body": "Both installers register their state in <code>/usr/local/share/proxmenux/components_status.json</code> under the <code>security</code> category. ProxMenux uses this file to decide whether to show the install or the manage menu on subsequent runs, and the same data feeds the dashboards in the ProxMenux Monitor when present."
}
}