Linux

My setup I use the Proxmox Backup Server to create backups of my VMs. The Proxmox Backup Server runs as a VM on a different (TrueNAS) server. The server is connected to a PDU. Therefore the PDU Outlets must be switched on and off… Here is my (preliminary) vzdump hook script #!/bin/bash #set -x remote_user="<remote-user>" remote_host="<remote-host>" backup_host="<proxmox-backup-server>" remote_storage="vaultpbs" replication_process_name="zettarepl:" check_backup_task="ssh ${remote_user}@${backup_host} proxmox-backup-manager task list" check_replication_task="ssh ${remote_user}@${remote_host} pgrep -f ${replication_process_name}" shutdown_backup_host="ssh ${remote_user}@${backup_host} shutdown -P now" shutdown_remote_host="ssh ${remote_user}@${remote_host} shutdown -P now" if [ "$1" == "job-init" ]; then logger "Backup starts. Wake ${remote_host}" # PDU Power on server vault and switch snmpset -v2c -c private 10.0.10.60 .1.3.6.1.4.1.1718.3.2.3.1.11.1.1.2 i 1 snmpset -v2c -c private 10.0.10.60 .1.3.6.1.4.1.1718.3.2.3.1.11.1.1.3 i 1 echo "waiting..." sleep 600 echo "pinging..." ping $remote_host -c 10 /usr/sbin/pvesm set $remote_storage -disable false fi if [ "$1" == "job-end" ]; then logger "Backup finished" while true; do output_backup_task=$(eval ${check_backup_task}) output_replication_task=$(eval ${check_replication_task}) # Check if backup or replication is still running if [ -n "$output_backup_task" ] || [ -n "$output_replication_task" ]; then logger "Backup Jobs still running on ${remote_host}" else logger "Backup finished. Shutdown ${backup_host}" $shutdown_backup_host sleep 300 logger "Backup finished. Shutdown ${remote_host}" $shutdown_remote_host break # Exit the loop if the process is not running fi sleep 120 # Wait for 120 seconds before checking again done /usr/sbin/pvesm set $remote_storage -disable true sleep 600 # PDU Power off server vault and switch snmpset -v2c -c private 10.0.10.60 .1.3.6.1.4.1.1718.3.2.3.1.11.1.1.2 i 2 snmpset -v2c -c private 10.0.10.60 .1.3.6.1.4.1.1718.3.2.3.1.11.1.1.3 i 2 fi exit 0 The purpose of this script. Before backing up the VMs Switching on the server Wait until the server is running Activate the remote_storage - backup destination After the backup of the VMs Check whether other processes are running on the backup server other Proxmox backup processes or (TrueNAS) replication processes Shutdown of the PBS VM Shutdown of the server Deactivate the remote_storage - backup destination Switch off the PDU outlets Add the script to the backup job After creating the script, it needs to be activated so that it is used during a backup job. ...

For some VMs you want to have access to the physical harddrive or SSD. For example if you want to virtualise TrueNAS. There is a good article from Proxmox here One piece is missing and that is how you add the serial number of the HDD/SSD to that device. Here is an example with a TrueNAS VM Install the TrueNAS VM on a standard Proxmox Hard Disk (scsi0) Shutdown the VM after the installation On the proxmox console run lshw -class disk -class storage (you might need to install lshw) Look for the HDD you want to passthrough to the VM Find the serialnumber Get the path/device ls -l /dev/disk/by-id | grep <serialnumber> Add the device to the TrueNAS VM qm set <id-of-the-truenas-vm> -scsi1 /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_X220A0X0FJDH Repeat 2-4 for more HDDs - keep in mind to increase the number for -scsi<number> Edit the config file of the VM and add the serials to the of the line of the HDDs devices ,serial=X220A0X0FJDH Example - see scsi1: and scsi2: ...

fail2ban I’m using fail2ban to block script kiddies. Here is one line what you will find in your auth.log May 11 05:32:14 srv01 sshd[79609]: Invalid user postgres from 37.49.226.178 port 46504 This description can help you how to install and configure fail2ban I will update this post with new infos. Installation - Ubuntu / Debian sudo apt-get update sudo apt-get upgrade sudo apt-get install fail2ban Installation FreeBSD sudo pkg install py37-fail2ban Configuration Configuration Ubuntu / Devian cd /etc/fail2ban sudo vi jail.local This configuration is for the sshd daemon. If a user fails to connect three times (maxretry = 3) within 24 hours (findtime = 24h) to login via ssh, he will get banned indefinitely (bantime = -1). ...