LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Virtualization and Cloud (http://www.linuxquestions.org/questions/linux-virtualization-and-cloud-90/)
-   -   KVM apache web server guest on samba local network file server-- security (http://www.linuxquestions.org/questions/linux-virtualization-and-cloud-90/kvm-apache-web-server-guest-on-samba-local-network-file-server-security-919146/)

mbvpixies78 12-16-2011 09:18 PM

KVM apache web server guest on samba local network file server-- security
 
I have a CentOS 6 server that I'd like to modify and I want opinions on the security risks involved.



The host is CentOS local file server with ssh (non-default port, no root login, gpg key validation) and samba to backup and share common files for 2 other end devices.

On this host I want to create a guest KVM CentOS web server and isolate it as much as possible from the host, as per http://publib.boulder.ibm.com/infoce...curity_pdf.pdf

this includes separate NICs for guest kvm and host.

How risky is this to security of the host fileserver in running a guest kvm web server?

I don't want to be running two separate computers and using up all of that electricity, but I want to be secure. This is for personal use, not an "enterprise" environment, but at the same time, I want to make sure I have all vectors of attack covered as much as is possible.

Thanks.

mbvpixies78 02-15-2013 09:53 PM

I've yet to find any discussions of the relative security of a vm vs. a traditional installation, if there is any difference at all. What I do find are articles on the relative security and safety of dumb terminals that essentially get their OSes and content over the internet from a server a la the old days when people logged into a mainframe remotely at their otherwise useless terminals. Strange how history repeats itself.

Anyway, I've configured it differently, but essentially I've set up an Apache Software Foundation download mirror at home on a dedicated box using a CentOS vm. I wanted to use KVM, but it acted strangely and refused to boot, complaining (on different hardware) about something missing that would never install, so I went with VirtualBox.

The only problem I have now I will mention in a separate thread, involving being notified via email whenever VirtualBox takes a dump (if that is indeed what is happening periodically.)


All times are GMT -5. The time now is 07:01 AM.