Hardening Compliance
The Compliance page evaluates your Proxmox infrastructure against security hardening best practices. It identifies misconfigurations, insecure defaults, and deviations from security frameworks, giving you a clear picture of your security posture.
Overview
ProxCenter runs automated compliance checks against your Proxmox nodes, VMs, and cluster configuration. Each check produces a pass, fail, or warning result with a description of what was tested, why it matters, and how to remediate failures.
Results are grouped by category and presented as an overall compliance score per node and per cluster.
Check Categories
| Category | Examples |
|---|---|
| SSH Hardening | Root login disabled, key-only authentication, protocol version |
| Kernel Parameters | ASLR enabled, SYN cookies, IP forwarding settings |
| Filesystem | Noexec on /tmp, proper mount options, world-writable files |
| Authentication | Password complexity, account lockout, PAM configuration |
| Network | Unnecessary open ports, firewall enabled, ICMP settings |
| Proxmox-Specific | Two-factor authentication, API token permissions, cluster encryption |
| TLS/Certificates | Certificate expiry, cipher strength, self-signed certificate detection |
Running Compliance Scans
- Navigate to Security > Compliance
- Select the target nodes or clusters to scan
- Click Run Scan -- ProxCenter connects via SSH and evaluates each check
- Results appear in real time as checks complete
Scans can also be scheduled to run automatically (e.g., daily or weekly) with results stored for trend analysis.
Results Dashboard
The compliance dashboard shows:
- Overall score -- Percentage of checks passing across all scanned nodes
- Per-node breakdown -- Drill into each node to see its individual results
- Trend chart -- Track compliance improvement or regression over time
- Severity distribution -- Critical, high, medium, and low findings
Remediation Guidance
Each failed check includes:
- A description of the security risk
- The expected configuration value
- The actual value found on the node
- Step-by-step remediation instructions
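The sketch below is an added example, not ProxCenter's own code: it shows how checks from the SSH Hardening and Kernel Parameters categories can produce a pass, fail, or warning result with expected and actual values, plus a percentage score. The sample input is constructed in the format of `sshd -T` and `sysctl -a` output, and the expected values and the function names are assumptions.

```python
# Constructed sample input, not output from a real node.
SSHD_T = """permitrootlogin yes
passwordauthentication no
"""
SYSCTL_A = """kernel.randomize_va_space = 2
net.ipv4.tcp_syncookies = 0
net.ipv4.ip_forward = 1
"""

# (category, source, setting, expected value, result on mismatch).
# Expected values are an assumed baseline, not ProxCenter's rule set.
CHECKS = [
    ("SSH Hardening", "sshd", "permitrootlogin", "no", "fail"),
    ("SSH Hardening", "sshd", "passwordauthentication", "no", "fail"),
    ("Kernel Parameters", "sysctl", "kernel.randomize_va_space", "2", "fail"),
    ("Kernel Parameters", "sysctl", "net.ipv4.tcp_syncookies", "1", "fail"),
    # Forwarding can be intentional on a routed or NAT hypervisor: warn only.
    ("Kernel Parameters", "sysctl", "net.ipv4.ip_forward", "0", "warning"),
]

def parse_settings(text, sep):
    """Parse 'key<sep>value' lines into a dict; blank and comment lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(sep)
            settings[key.strip().lower()] = value.strip()
    return settings

def evaluate(sources):
    """Return one finding per check with status, expected and actual value."""
    findings = []
    for category, source, setting, expected, on_mismatch in CHECKS:
        actual = sources.get(source, {}).get(setting)
        if actual is None:
            status = "fail"  # a setting that cannot be read is not a pass
        else:
            status = "pass" if actual == expected else on_mismatch
        findings.append({"category": category, "setting": setting,
                         "status": status, "expected": expected, "actual": actual})
    return findings

def score(findings):
    """Percentage of checks passing, as shown for the overall score."""
    return round(100 * sum(f["status"] == "pass" for f in findings) / len(findings))

def scan_sample():
    return evaluate({"sshd": parse_settings(SSHD_T, " "),
                     "sysctl": parse_settings(SYSCTL_A, "=")})

if __name__ == "__main__":
    for f in scan_sample():
        print(f"{f['status']:8}{f['setting']}: expected {f['expected']}, actual {f['actual']}")
    print("score:", score(scan_sample()), "%")
```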
Compliance checks require SSH access to the Proxmox nodes. Ensure SSH connections are configured in Settings > Connections before running a scan.
Hardening Compliance is available in the Enterprise edition.
Permissions
| Permission | Description |
|---|---|
| security.view | View compliance scan results |
| security.manage | Run compliance scans and configure schedules |