nexus/ProxMenux
2
0
Fork 0
mirror of https://github.com/MacRimi/ProxMenux.git synced 2026-06-01 21:14:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a0058857b97b2c652fa561ae05f7134891bc92e1
ProxMenux/web/messages/en/docs/post-install/security.json
T
MacRimi 5ca3463bf6 complete i18n migration to /[locale]/ with EN+ES content 
Full rewrite of the docs site under app/[locale]/ with next-intl
in localePrefix:"always" mode. Every page now exists at both
/en/<path> and /es/<path>; the root / shows a meta-refresh + JS
redirect to /<defaultLocale>/ so GitHub Pages serves something
on the apex URL.

Highlights:
- 107 doc pages migrated to file-per-page JSON namespaces under
  messages/en/ and messages/es/. Spanish content is fully
  translated (no copy-of-English placeholders).
- New documentation for the Active Suppressions section in the
  Settings tab and the per-event Dismiss dropdown in the Health
  Monitor modal.
- New screenshots: dismiss-duration-dropdown.png and an updated
  health-suppression-settings.png.
- Pagefind integrated for client-side search; index is built on
  every CI deploy (not committed).
- RSS feeds: per-locale at /<locale>/rss.xml plus root /rss.xml
  for backward compat.
- Removed the dead app/[locale]/guides/[slug]/ route — every
  guide now has its own static page and no markdown source
  remains.
- Fixed orphan link /guides/nvidia -> /guides/nvidia-manual in
  docs/hardware/nvidia-host.
- Removed obsolete components (footer2, calendar, drawer).

Verified locally with `npm ci && npm run build`: 2804 files in
out/, 231 pages indexed by pagefind, root redirect intact, both
locale roots and the new Active Suppressions docs render OK.
2026-05-31 12:41:10 +02:00

58 lines
3.5 KiB
JSON
Raw Blame History

{
"meta": {
"title": "Post-Install: Security | ProxMenux Documentation",
"description": "Security options available in the ProxMenux Customizable post-install script. Currently a single option: disable the portmapper/rpcbind service to reduce the host's attack surface."
},
"header": {
"title": "Post-Install: Security",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this category covers",
"body": "Post-install security is limited to <strong>host hardening that is safe to apply unattended</strong> — things that disable services almost nobody needs and that can be undone from the Uninstall menu. Active security tooling (Fail2Ban for intrusion prevention, Lynis for auditing) lives under the dedicated <em>Security</em> entry on ProxMenux's main menu, not here in post-install."
},
"rpcbind": {
"heading": "Disable portmapper / rpcbind",
"intro": "<code>rpcbind</code> (formerly <code>portmap</code>) is a service that maps RPC program numbers to network ports. It is a dependency for NFS and some legacy RPC-based tools. On a typical Proxmox host that is not acting as an NFS server, <strong>nothing uses it</strong> — and leaving it enabled keeps port <code>111/tcp</code> listening on every interface.",
"whyTitle": "Why it's worth disabling",
"whyItems": [
"Reduces the host attack surface — one less listening service to worry about.",
"Historically abused as a reflection/amplification vector in DDoS attacks. Disabling <code>rpcbind</code> removes that amplification factor for your host.",
"Removes the noise it generates in logs and <code>netstat</code> / <code>ss</code> output, making real activity easier to spot."
],
"nfsTitle": "Don't disable this if you use NFS",
"nfsBody": "NFS server <strong>and</strong> NFS client rely on <code>rpcbind</code> to negotiate the ports used by <code>mountd</code>, <code>statd</code>, <code>lockd</code>, etc. If your Proxmox host either <em>exports</em> NFS shares to other machines or <em>mounts</em> NFS shares from a NAS, do not apply this option. Mounts will fail with <code>mount.nfs: rpc.statd is not running</code> or similar.",
"runsTitle": "What ProxMenux runs",
"runsOutro": "The package stays installed (so you or another tool can re-enable it later). The service unit is disabled so the service does not come back on reboot.",
"verifyTitle": "Verification",
"verifyBody": "After applying, confirm <code>rpcbind</code> is off and nothing is listening on port 111:",
"reversibleTitle": "Reversible from the Uninstall menu",
"reversibleBody": "This change is tracked. Open <link>Uninstall Optimizations</link> and pick <em>RPC Disable</em> to restore it. Nothing is purged from the system — just re-enable the service and it starts again."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Security menu",
"href": "/docs/security",
"tail": " — heavier hitters: Fail2Ban (intrusion prevention) and Lynis (audit)."
},
{
"label": "Lynis",
"href": "/docs/security/lynis",
"tail": " — audit the host to find more hardening opportunities."
},
{
"label": "Useful System Commands",
"href": "/docs/help-info/system-commands",
"tail": " — service status, journalctl, lynis audit reference."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — back to the parent menu."
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink