LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Virtualization and Cloud
User Name
Password
Linux - Virtualization and Cloud This forum is for the discussion of all topics relating to Linux Virtualization and Linux Cloud platforms. Xen, KVM, OpenVZ, VirtualBox, VMware, Linux-VServer and all other Linux Virtualization platforms are welcome. OpenStack, CloudStack, ownCloud, Cloud Foundry, Eucalyptus, Nimbus, OpenNebula and all other Linux Cloud platforms are welcome. Note that questions relating solely to non-Linux OS's should be asked in the General forum.

Notices

Reply
 
LinkBack Search this Thread
Old 12-16-2011, 09:18 PM   #1
mbvpixies78
Member
 
Registered: Nov 2007
Location: IL
Distribution: CentOS 6 & Fedora 17
Posts: 179
Blog Entries: 3

Rep: Reputation: 15
KVM apache web server guest on samba local network file server-- security


I have a CentOS 6 server that I'd like to modify and I want opinions on the security risks involved.



The host is CentOS local file server with ssh (non-default port, no root login, gpg key validation) and samba to backup and share common files for 2 other end devices.

On this host I want to create a guest KVM CentOS web server and isolate it as much as possible from the host, as per http://publib.boulder.ibm.com/infoce...curity_pdf.pdf

this includes separate NICs for guest kvm and host.

How risky is this to security of the host fileserver in running a guest kvm web server?

I don't want to be running two separate computers and using up all of that electricity, but I want to be secure. This is for personal use, not an "enterprise" environment, but at the same time, I want to make sure I have all vectors of attack covered as much as is possible.

Thanks.
 
Old 02-15-2013, 09:53 PM   #2
mbvpixies78
Member
 
Registered: Nov 2007
Location: IL
Distribution: CentOS 6 & Fedora 17
Posts: 179
Blog Entries: 3

Original Poster
Rep: Reputation: 15
I've yet to find any discussions of the relative security of a vm vs. a traditional installation, if there is any difference at all. What I do find are articles on the relative security and safety of dumb terminals that essentially get their OSes and content over the internet from a server a la the old days when people logged into a mainframe remotely at their otherwise useless terminals. Strange how history repeats itself.

Anyway, I've configured it differently, but essentially I've set up an Apache Software Foundation download mirror at home on a dedicated box using a CentOS vm. I wanted to use KVM, but it acted strangely and refused to boot, complaining (on different hardware) about something missing that would never install, so I went with VirtualBox.

The only problem I have now I will mention in a separate thread, involving being notified via email whenever VirtualBox takes a dump (if that is indeed what is happening periodically.)
 
  


Reply

Tags
centos, kvm, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Set up Spicevmc Channel on Ubuntu 11.04 as KVM Server and spice-vdagent as a KVM guest LXer Syndicated Linux News 0 06-15-2011 07:10 PM
Testing web server on local network with ports... how to use with hosts file? raisinlove Linux - Server 4 06-08-2009 01:39 PM
Apache and LiteSpeed Web Server Security banajah Linux - Security 1 06-14-2006 10:22 PM
Web server in local network serving to internet librano Linux - Networking 1 04-25-2006 02:58 PM
my web server can't be reached by local network tiang_ono Linux - Software 4 07-14-2005 08:02 PM


All times are GMT -5. The time now is 12:19 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration