KVM: difference between revisions

No edit summary
No edit summary
Riga 1: Riga 1:
KVM è un'infrastruttura di virtualizzazione del kernel Linux. KVM attualmente supporta una completa virtualizzazione usando Intel VT o AMD-V
KVM è un'infrastruttura di virtualizzazione del kernel Linux. KVM attualmente supporta una completa virtualizzazione usando Intel VT o AMD-V
<br />
<br />


==== Configurazione: ====
 
= Configurazione =
100GB disco qcow2 e 1GB swap, rete bridge breig0, server VNC (non interferisce con le regole di iptables in basso), dispositivo RNG /dev/random, processore opteron_g3, <emulator> /usr/bin/kvm<br />
100GB disco qcow2 e 1GB swap, rete bridge breig0, server VNC (non interferisce con le regole di iptables in basso), dispositivo RNG /dev/random, processore opteron_g3, <emulator> /usr/bin/kvm<br />




'''tasksel''':<br />
==tasksel==
--- ambiente desktop, --- server di stampa, +++ server ssh<br />
--- ambiente desktop, --- server di stampa, +++ server ssh<br />
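Review bot: The new "= Configurazione =" line is a level-1 heading, which MediaWiki renders as an H1 alongside the page title; starting the page sections at "== Configurazione ==" and nesting "===tasksel===" under it would keep the title as the only H1 and still give the table of contents the structure this change is after.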


Riga 14: Riga 13:
</pre>
</pre>


'''software per log e sicurezza''':<br />
==software per log e sicurezza==
Possono essere configurati per mandare mail, per ora scrivono in /var/log/ e in /var/mail/eigen
Possono essere configurati per mandare mail, per ora scrivono in /var/log/ e in /var/mail/eigen
* logcheck: scrive un riassunto dei log, cercando di eliminare tutte le righe inutili.
* logcheck: scrive un riassunto dei log, cercando di eliminare tutte le righe inutili.
Riga 32: Riga 31:
</pre>
</pre>


Per '''aggiornare i pacchetti'''
==aggiornare i pacchetti==
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
aptitude update && aptitude full-upgrade
aptitude update && aptitude full-upgrade
Riga 45: Riga 44:




==== Modifiche ai file di configurazione: ====
= Modifiche ai file di configurazione: =


'''/etc/rkhunter.conf'''
====/etc/rkhunter.conf====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
#DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps
#DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps
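Review bot: Heading levels are inconsistent in this hunk: "= Modifiche ai file di configurazione: =" is followed directly by "====/etc/rkhunter.conf====", skipping two levels, while the first section goes from "=" to "==" for tasksel. Use the same child level under every top-level section, and drop the trailing colon from the heading text as was done for "= Configurazione =".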
Riga 53: Riga 52:
</pre>
</pre>


'''.bashrc'''
====.bashrc====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
export LS_OPTIONS='--color=auto'
export LS_OPTIONS='--color=auto'
Riga 85: Riga 84:
</pre>
</pre>


'''/etc/ssh/sshd_config'''
====/etc/ssh/sshd_config====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
Riga 93: Riga 92:
Per adesso c'è la chiave dei nodi. è da rimuovere dopo aver configurato monkeysphere (aggiungere i certificatori con "monkeysphere-authentication add-identity-certifier $fingerprint" e gli id autorizzati in .monkeysphere/authorized_user_ids)<br />
Per adesso c'è la chiave dei nodi. è da rimuovere dopo aver configurato monkeysphere (aggiungere i certificatori con "monkeysphere-authentication add-identity-certifier $fingerprint" e gli id autorizzati in .monkeysphere/authorized_user_ids)<br />


'''/root/.ssh/authorized_keys'''
====/root/.ssh/authorized_keys====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCr+J+hhlUnYhKLOnW55aZhJrdHHSQU9XXoP0DcMuvIQ3+SYV6ZZJLMvcdN7puSdkcKiK9DEpsN8uCWfIsxu8LkWJfq6Q/DUBkwvXgKlpbisFaj82ucy7ioiZ1aEc6LMQ/VxG4iHCnGXjWqNLA9sB9lgVDXD29lm8n/i99DHNI8TLHzV9aXz3uR39IqvD4zFBZPSsoDvZ9BsOC6TIUl+Ua0lx1olJxwGawK9he52G55RHhMI+NYj5/wMp80kOhtzRN5F0wRt08Yv2Wu0Kx9akRJBOmI+CcfxxEk7Fcg/kCHG8evS4i4chSMBbBLjOhTk/+Q6nbT3TNIeG2LAtUpml2f node_key@eigenlab
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCr+J+hhlUnYhKLOnW55aZhJrdHHSQU9XXoP0DcMuvIQ3+SYV6ZZJLMvcdN7puSdkcKiK9DEpsN8uCWfIsxu8LkWJfq6Q/DUBkwvXgKlpbisFaj82ucy7ioiZ1aEc6LMQ/VxG4iHCnGXjWqNLA9sB9lgVDXD29lm8n/i99DHNI8TLHzV9aXz3uR39IqvD4zFBZPSsoDvZ9BsOC6TIUl+Ua0lx1olJxwGawK9he52G55RHhMI+NYj5/wMp80kOhtzRN5F0wRt08Yv2Wu0Kx9akRJBOmI+CcfxxEk7Fcg/kCHG8evS4i4chSMBbBLjOhTk/+Q6nbT3TNIeG2LAtUpml2f node_key@eigenlab
</pre>
</pre>


'''/etc/monkeysphere/monkeysphere-authentication.conf'''
====/etc/monkeysphere/monkeysphere-authentication.conf====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
LOG_LEVEL=DEBUG
LOG_LEVEL=DEBUG
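Review bot: The unchanged sentence "Per adesso c'è la chiave dei nodi. è da rimuovere dopo aver configurato monkeysphere ..." now sits above the new "====/root/.ssh/authorized_keys====" heading, so with real section headings it reads as part of the sshd_config section. It is the reminder to remove the node key from root's authorized_keys, so move it below that heading, next to the key it refers to, where it will not be overlooked.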
Riga 104: Riga 103:
</pre>
</pre>


'''/etc/crontab'''
====/etc/crontab====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
0  *    * * *  root    /usr/sbin/monkeysphere-authentication update-users &> /dev/null
0  *    * * *  root    /usr/sbin/monkeysphere-authentication update-users &> /dev/null
</pre>
</pre>


'''/etc/logcheck/logcheck.conf'''
====/etc/logcheck/logcheck.conf====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
#SENDMAILTO="logcheck"
#SENDMAILTO="logcheck"
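Review bot: While the /etc/crontab block is being touched, the context line "monkeysphere-authentication update-users &> /dev/null" relies on a bash-only redirection. Cron runs entries with /bin/sh unless SHELL is set otherwise, and a POSIX sh that is not bash parses "&>" as "&" followed by "> /dev/null", so the job is backgrounded and its output is not discarded. Suggest "> /dev/null 2>&1", or better, keep stderr so a failing update-users run is noticed.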
Riga 115: Riga 114:
</pre>
</pre>


'''/etc/iptables/rules.v4'''
====/etc/iptables/rules.v4====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
# Generated by iptables-save v1.4.21 on Sat May  2 23:51:15 2015
# Generated by iptables-save v1.4.21 on Sat May  2 23:51:15 2015
Riga 131: Riga 130:
</pre>
</pre>


'''/etc/iptables/rules.v6'''
====/etc/iptables/rules.v6====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
# Generated by ip6tables-save v1.4.21 on Sat May  2 23:51:15 2015
# Generated by ip6tables-save v1.4.21 on Sat May  2 23:51:15 2015
Riga 147: Riga 146:
</pre>
</pre>


'''/etc/resolv.conf'''
====/etc/resolv.conf====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
domain eigenlab.org
domain eigenlab.org
Riga 156: Riga 155:




'''/etc/network/interfaces'''
====/etc/network/interfaces====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
auto lo
auto lo
Riga 177: Riga 176:
</pre>
</pre>


'''/etc/pam.d/su'''
====/etc/pam.d/su====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
auth      required  pam_wheel.so
auth      required  pam_wheel.so
</pre>
</pre>


'''/etc/ssmtp/ssmtp.conf'''
====/etc/ssmtp/ssmtp.conf====
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
#
#
Riga 215: Riga 214:
<br />
<br />


==== Dopo aver clonato ====
= Dopo aver clonato =
bisogna modificare questi file
bisogna modificare questi file
* /etc/network/interfaces ''(cambiare ip)''
* /etc/network/interfaces ''(cambiare ip)''
* /etc/hostname ''(aggiornare hostname)''
* /etc/hostname ''(aggiornare hostname)''
* /etc/hosts
* /etc/hosts
e per evitare che tutte le chiavi siano uguali
e per evitare che tutte le chiavi del server ssh siano uguali
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
rm /etc/ssh/ssh_host_* && dpkg-reconfigure openssh-server
rm /etc/ssh/ssh_host_* && dpkg-reconfigure openssh-server
</pre>
</pre>
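Review bot: The reworded sentence now says the step is about the SSH server keys, but the command under it, "rm /etc/ssh/ssh_host_* && dpkg-reconfigure openssh-server", leaves the reader with no way to check the result. Suggest adding a follow-up line that prints the new fingerprints (for example "ssh-keygen -lf" on each new /etc/ssh/ssh_host_*_key.pub) so whoever connects to the clone first can verify the host key instead of accepting it blindly.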