hax/Proxoptimizer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Proper README added

Browse source 
Signed-off-by: hax <hax@lainlounge.xyz>
This commit is contained in:
h@x 2024-12-15 06:52:29 +00:00
parent 866071dc32
commit f651dd04fb
1 changed files with 110 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

112
README.md
View file

@ -1,3 +1,111 @@
# Proxoptimizer # Proxmox Hardening and Optimization Script 🚀🔒
Optimize Proxmox and if wished, add 2FA on Logon and SSH This repository contains a script designed to improve your Proxmox's performance and security. The script will automatically configure essential settings for your system, such as optimizing network protocols, security measures, logging configurations, and more.
The user is only required to respond to a few prompts, and the script will take care of the rest.
## Features ✨
Force APT to use IPv4 🌐⚡
Disable portmapper/rpcbind for security 🛑🛡️
Ensure entropy pools are populated 🔑💻
Protect the web interface with Fail2Ban 🛡️🚨
Limit the size and optimize journald 📓📊
Ensure ksmtuned is enabled and optimized 🧠💡
Enable restart on kernel panic, kernel oops, and hard lockup 🔄⚠️
Increase max user watches, FD limit, FD ulimit, and max key limit 🧰🔧
Optimize logrotate 🔄
Installing Google-Authenticator for 2FA (SSH & TUI) 📓🛡️
## Prerequisites 📋
Make sure your server meets the following requirements before running the script:
A Proxmox system (Version 8.0 or newer)
Sudo privileges / or logged in with root
Internet connection for package installations
## How to Use the Script 🛠️
1. Download the Script
Clone the repository to your server:
```bash
git clone https://git.lainlounge.xyz/hax/Proxoptimizer.git
cd server-hardening-optimization
```
2. Make the Script Executable
```bash
chmod +x optimize-server.sh
```
3. Run the Script
Execute the script with root privileges:
```bash
sudo ./optimize-server.sh
```
The script will automatically ask you questions during execution, such as:
- Force APT to use IPv4? (yes/no)
- Disable rpcbind for security? (yes/no)
- Ensure entropy pools are populated? (yes/no)
- Enable Fail2Ban for web protection? (yes/no)
- Limit and optimize journald log size? (yes/no)
- Enable and optimize ksmtuned based on RAM? (yes/no)
- Enable kernel panic restart? (yes/no)
- Increase system limits (FD, user watches)? (yes/no)
- Optimize logrotate settings? (yes/no)
- Installing 2FA for SSH and TUI) (yes/no)
After answering the prompts, the script will apply the changes automatically.
## Script Details 📝
1. Force APT to Use IPv4 🌐⚡
The script will automatically configure APT to use IPv4 for faster network performance.
2. Disable Portmapper/RPCbind 🛑🛡️
To enhance security, rpcbind will be disabled to prevent exposure to vulnerabilities.
3. Ensure Entropy Pools Are Populated 🔑💻
haveged will be installed and configured to ensure your server has enough entropy for secure cryptographic operations.
4. Protect the Web Interface with Fail2Ban 🛡️🚨
If the script detects a web interface (nginx/apache), Fail2Ban will be configured to block brute force attacks automatically.
5. Limit and Optimize Journald 📓📊
Journald logs will be configured to limit their size and optimize retention to prevent excessive disk usage.
6. Enable and Optimize ksmtuned 🧠💡
ksmtuned will be enabled and configured based on your server's RAM size to improve memory management.
7. Enable Kernel Panic, Kernel Oops, and Hard Lockup Restart 🔄⚠️
The system will be configured to automatically restart after a kernel panic or hard lockup to minimize downtime.
8. Increase System Limits 🧰🔧
The script will increase the maximum number of file descriptors, user watches, and ulimit to prevent resource exhaustion during high load.
9. Optimize Logrotate 🔄
Logrotate configurations will be optimized to ensure proper log file rotation without excessive disk usage.
## Notes 📝
This script is intended to be run on a fresh or optimized server setup.
Its recommended to review the changes the script makes, even though it automates everything based on the default configurations.
A reboot may be required for some changes to take effect, particularly those involving kernel parameters and system services.
## Contributing 🤝
Feel free to fork the repository and create a pull request if you have any suggestions for improvements. Make sure to follow best practices and test any changes on a staging server before applying them to production.
License 📄
This project is licensed under the MIT License see the LICENSE.md file for details.