Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How guest OS can prevent host OS executing commands on it?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How guest OS can prevent host OS executing commands on it?

postcdpostcd Member
edited August 2016 in Help

Hello,

when having OpenVZ or a KVM VPS, can i run some task that will kill/terminate all commands from the host server, like vzctl exec, vzctl enter and others so i prevent host entering or executing commands on guest?

I can run some script like

while true;do

for vzpid in $(ps ax|grep "vzctl"|grep -v grep|awk '{print $1}');do kill -9 $vzpid;done

done

But not sure if that would be effective. Is there any better way that will not hurt VPS performance and be effective?

Comments

  • You are kidding, aren't you?

  • Remove /bin/bash and /bin/sh inside the VPS, the host will not be able to do vzctl enter.

    Thanked by 2netomx cassa
  • When removing /bin/bash and /bin/sh, you won't be able to execute any script within the VPS yourself. Booting the VPS may even become impossible as some boot scripts may rely on bash or sh to execute.

    Thanked by 1postcd
  • dailydaily Member
    edited August 2016

    _

  • rds100rds100 Member
    edited August 2016

    @Bafly i know :) But you should look at this user's previous history here, and the kind of questions he asks all the time.

    Now to the question - you could modify /bin/sh and /bin/bash to check the name of their parent process and refuse to run (or do something else) if the name is vzctl.

    Thanked by 2Bafly netomx
  • @postcd

    If the host really wants to get in your container, they could simply enter /vz/root/yourctid and find all your files there.

    Now, a host could also just terminate that script of yours and then vzctl enter :P

  • emgemg Veteran
    edited August 2016

    The short answer is definitely No.

    You can make it difficult for the VPS provider, perhaps very difficult, but not impossible. If the provider has very strong technical skills along with the time and interest, the provider can make your VPS run whatever they want.

    P.S. ... and with more time and effort, they can make it impossible for you to detect.

  • renames vzctl to init

  • ALT+F4

    sir.

  • Looking at the posting history, god bless your provider.

  • power off should do

Sign In or Register to comment.