Portal Home > Knowledgebase > Articles Database > How to secure OpenVZ host and VPSs?
How to secure OpenVZ host and VPSs?
| Posted by ReubenL, 09-14-2010, 11:00 AM |
| Hi all,
I have a dedicated server which I've configured for VPS hosting and I would like to know how I can secure the host/node?
I'm running CentOS 5 64bit with OpenVZ and SolusVM on the host.
The VPSs are running Ubuntu 9.10 & CentOS 5, both 64bit.
I've read that OpenVZ does not fully iptables. Is this true?
How can I secure the host/node?
|
| Posted by Dave W, 09-14-2010, 11:27 AM |
| ssh keys, change ssh port, no root login, firewall, intrusion detection.
You know, the normal stuff
|
| Posted by ReubenL, 09-14-2010, 11:34 AM |
| I've tried installing CSF to no avail. It keeps giving errors about the iptables "filters" module. Even after entering the filters module directly in the config file. APF does the same. After some reading I came to the understanding that the OpenVZ kernel does not support iptables?
Because iptables is not supported by the OpenVZ kernel, it will not be possible to setup a firewall on each VPS.
Any other ideas?
|
| Posted by Dave W, 09-14-2010, 11:37 AM |
| CSF is problematic on a host node but you can certainly install it. Where you run into kernel issues with CSF is inside the VM's, and that is easy to fix by loading the kernel modules that csf requires. If you want to see which ones are missing then simply run the csf test script in /etc/csf.
If you are having a specific problem with modules perhaps you should get a bit more specific about your error.
|
| Posted by InstaCarma_Support, 09-15-2010, 01:14 AM |
| Yeah, it is possvible to install both CSF a APF on an OpenVZ node with no issues. For the error related to IPTABLE FILTERS, you need to load the corresponding kernel module.
There is nothing specific to done on a hardware node other than normal server security steps.
|
Add to Favourites 
Print this Article
Also Read
Good SSL? (Views: 546)