New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
guide for kvm fresh install
anyone have a tutorial for how to setup and secure a kvm server for a complete kvm noob who has never used kvm before? Ive gone through the install of the OS but pretty much went through the guided install and installed openssh. Just wondering if there are any extra steps to take when using a kvm vps.
Comments
There shouldn't be much difference from what you'd use to secure OpenVZ. The first thing I usually do on any new VPS is to disable password authentication and root login for SSH and use keys instead.
Well, I'd say change your SSH port, disable password login and use private key auth, maybe setup LVM encryption, there isn't really much difference than how you'd setup and secure a OpenVZ or Xen VPS.
For your particular OS, start with the following.
To have the server e-mail you everytime someone logs in as root, SSH into server and login as root. At command prompt type: nano .bash_profile Scroll down to the end of the file and add the following line: echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" [email protected] Save and exit.8 - Decide what software to install. PHP, mysql, ruby, etc., Follow recommendations to secure them.
9 - Linux system tools
http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html
10 - Find tutorials for a specific os, tasks, etc.,
http://www.cyberciti.biz/faq/category/linux/
http://www.howtoforge.com/
Have fun!
By the way, ask your VPS provider if they have any recommended tweaks. For example, RAMNODE has this available on their website.
https://clientarea.ramnode.com/knowledgebase.php?action=displayarticle&id=56
Here's my comprehensive IPTables security guide that you may find helpful. Customize it for your needs. You can ignore the Asterisk section.
https://blog.ls20.com/securing-your-asterisk-voip-server-with-iptables/
The other thread has more security tips contributed by several LETers:
http://lowendtalk.com/discussion/20572/guide-basic-steps-to-secure-your-ubuntu-debian-server
yupp I installed my ubuntu image following that tutorial but other than that it didnt really give an insight to someone from there. ie: there is no openssh installed by default etc.
thanks for the insight tho guys, I have mainly been using openvz and have been looking to venture into kvm. In openvz everything is either one-click installed versus on a kvm I found myself having to mount the install and reinstalling from scratch, I did read somewhere about the iptables security as well but didnt know where to start. This is great, hope it will help others who are looking for the same info.