Proxmox Virtual Environment
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Version 7.8-Systemd
Linux From Scratch Version 7.8-systemd Created by Gerard Beekmans Edited by Douglas R. Reno Linux From Scratch: Version 7.8-systemd by Created by Gerard Beekmans and Edited by Douglas R. Reno Copyright © 1999-2015 Gerard Beekmans Copyright © 1999-2015, Gerard Beekmans All rights reserved. This book is licensed under a Creative Commons License. Computer instructions may be extracted from the book under the MIT License. Linux® is a registered trademark of Linus Torvalds. Linux From Scratch - Version 7.8-systemd Table of Contents Preface .......................................................................................................................................................................... vii i. Foreword ............................................................................................................................................................. vii ii. Audience ............................................................................................................................................................ vii iii. LFS Target Architectures ................................................................................................................................ viii iv. LFS and Standards ............................................................................................................................................ ix v. Rationale for Packages in the Book .................................................................................................................... x vi. Prerequisites -
Pluggable Authentication Modules
Who this book is written for This book is for experienced system administrators and developers working with multiple Linux/UNIX servers or with both UNIX and Pluggable Authentication Windows servers. It assumes a good level of admin knowledge, and that developers are competent in C development on UNIX-based systems. Pluggable Authentication Modules PAM (Pluggable Authentication Modules) is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. The PAM framework is widely used by most Linux distributions for authentication purposes. Modules Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX. This book provides a practical approach to UNIX/Linux authentication. The design principles are thoroughly explained, then illustrated through the examination of popular modules. It is intended as a one-stop introduction and reference to PAM. What you will learn from this book From Technologies to Solutions • Install, compile, and configure Linux-PAM on your system • Download and compile third-party modules • Understand the PAM framework and how it works • Learn to work with PAM’s management groups and control fl ags • Test and debug your PAM confi guration Pluggable Authentication Modules • Install and configure the pamtester utility -
Security Guide
Fedora 19 Security Guide A Guide to Securing Fedora Linux Johnray Fuller John Ha David O'Brien Scott Radvan Eric Christensen Adam Ligas Murray McAllister Scott Radvan Daniel Walsh Security Guide Dominick Grift Eric Paris James Morris Fedora 19 Security Guide A Guide to Securing Fedora Linux Edition 19.1 Author Johnray Fuller [email protected] Author John Ha [email protected] Author David O'Brien [email protected] Author Scott Radvan [email protected] Author Eric Christensen [email protected] Author Adam Ligas [email protected] Author Murray McAllister [email protected] Author Scott Radvan [email protected] Author Daniel Walsh [email protected] Author Dominick Grift [email protected] Author Eric Paris [email protected] Author James Morris [email protected] Copyright © 2007-2013 Fedora Project Contributors. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. -
SUSE Linux Enterprise Server 15 SP2 Security and Hardening Guide Security and Hardening Guide SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP2 Security and Hardening Guide Security and Hardening Guide SUSE Linux Enterprise Server 15 SP2 Introduces basic concepts of system security, covering both local and network security aspects. Shows how to use the product inherent security software like AppArmor, SELinux, or the auditing system that reliably collects information about any security-relevant events. Supports the administrator with security-related choices and decisions in installing and setting up a secure SUSE Linux Enterprise Server and additional processes to further secure and harden that installation. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its -
A Performance Study of VM Live Migration Over the WAN
Master Thesis Electrical Engineering April 2015 A Performance Study of VM Live Migration over the WAN TAHA MOHAMMAD CHANDRA SEKHAR EATI Department of Communication Systems Blekinge Institute of Technology SE-371 79 Karlskrona Sweden This thesis is submitted to the School of Computing at Blekinge Institute of Technology in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering on Telecommunication Systems. The thesis is equivalent to 40 weeks of full time studies. Contact Information: Author(s): Taha Mohammad, Chandra Sekhar Eati. E-mail: [email protected], [email protected]. University advisor(s): Dr. Dragos Ilie, Department of Communication Systems. University Examiner(s): Prof. Kurt Tutschku, Department of Communication Systems. School of Computing Blekinge Institute of Technology Internet : www.bth.se SE-371 79 Karlskrona Phone : +46 455 38 50 00 Sweden Fax : +46 455 38 50 57 Abstract Virtualization is the key technology that has provided the Cloud computing platforms a new way for small and large enterprises to host their applications by renting the available resources. Live VM migration allows a Virtual Machine to be transferred form one host to another while the Virtual Machine is active and running. The main challenge in Live migration over WAN is maintaining the network connectivity during and after the migration. We have carried out live VM migration over the WAN migrating different sizes of VM memory states and presented our solutions based on Open vSwitch/VXLAN and Cisco GRE approaches. VXLAN provides the mobility support needed to maintain the network connectivity between the client and the Virtual machine. -
Guide to the Secure Configuration of Red Hat Enterprise Linux 5
Guide to the Secure Configuration of Red Hat Enterprise Linux 5 Revision 4.2 August 26, 2011 Operating Systems Division Unix Team of the Systems and Network Analysis Center National Security Agency 9800 Savage Rd. Suite 6704 Ft. Meade, MD 20755-6704 2 Warnings Do not attempt to implement any of the recommendations in this guide without first testing in a non- production environment. This document is only a guide containing recommended security settings. It is not meant to replace well- structured policy or sound judgment. Furthermore this guide does not address site-specific configuration concerns. Care must be taken when implementing this guide to address local operational and policy concerns. The security changes described in this document apply only to Red Hat Enterprise Linux 5. They may not translate gracefully to other operating systems. Internet addresses referenced were valid as of 1 Dec 2009. Trademark Information Red Hat is a registered trademark of Red Hat, Inc. Any other trademarks referenced herein are the property of their respective owners. Change Log Revision 4.2 is an update of Revision 4.1 dated February 28, 2011. Added section 2.5.3.1.3, Disable Functionality of IPv6 Kernel Module Through Option. Added discussion to section 2.5.3.1.1, Disable Automatic Loading of IPv6 Kernel Module, indicating that this is no longer the preferred method for disabling IPv6. Added section 2.3.1.9, Set Accounts to Disable After Password Expiration. Revision 4.1 is an update of Revision 4 dated September 14, 2010. Added section 2.2.2.6, Disable All GNOME Thumbnailers if Possible. -
Ovirt Architecture
oVirt Architecture Itamar Heim Director, RHEV-M Engineering, Red Hat oVirt Engine Architecture 1 oVirt Engine Large scale, centralized management for server and desktop virtualization Based on leading performance, scalability and security infrastructure technologies oVirt Engine Architecture 2 Kenrel-based Virtual Machine (KVM) ● Included in Linux kernel since 2006 ● Runs Linux, Windows and other operating system guests ● Advanced features ● Live migration ● Memory page sharing ● Thin provisioning ● PCI Pass-through ● KVM architecture provides high “feature-velocity” – leverages the power of Linux oVirt Engine Architecture 3 Linux as a Hypervisor? ● What makes up a hypervisor ? ● Hardware management ● Device drivers ● I/O Stack ● Resource Management ● Scheduling ● Access Control ● Power Management ● Memory Manager ● Device Model (emulation) ● Virtual Machine Monitor oVirt Engine Architecture 4 Linux as a Hypervisor? ● What makes up a hypervisor ? ● Hardware management ● Device drivers ● I/O Stack ● Resource Management Operating System Kernel ● Scheduling ● Access Control ● Power Management ● } Memory Manager ● Device Model (emulation) ● Virtual Machine Monitor oVirt Engine Architecture 5 Linux as a Hypervisor? How well does Linux perform as a hypervisor? Isn't Linux a general purpose operating system? Linux is architected to scale from the smallest embedded systems through to the largest multi-socket servers ● From cell phones through to mainframes KVM benefits from mature, time tested infrastructure ● Powerful, scalable memory manager -
Network Issues in Virtual Machine Migration
Network Issues in Virtual Machine Migration Hatem Ibn-Khedher∗, Emad Abd-Elrahman∗, Hossam Afifi∗ and Jacky Forestiery ∗Institut Mines-Telecom (IMT), Telecom SudParis, Saclay, France. Email: fhatem.ibn khedher, emad.abd elrahman, hossam.afifi[email protected] yOrange Labs, Issy Les Moulineaux, France. Email: [email protected] Abstract—Software Defined Networking (SDN) is based ba- A. Network Functions Virtualization sically on three features: centralization of the control plane, programmability of network functions and traffic engineering. Network Functions Virtualization (NFV) [1] virtualizes the The network function migration poses interesting problems that network equipment (Router, DPI, Firewall...). We will not we try to expose and solve in this paper. Content Distribution discuss about hardware. We will rather consider software based Network virtualization is presented as use case. NFV architecture. It is a concept that decouples network Index Terms—Virtualization, SDN, NFV, QoS, Mobility functions from its underlying hardware. Then, it enables the software to run on virtualized generic environment. Therefore, I. INTRODUCTION several virtual appliances can share the single hardware re- The virtualization of resources has addressed the network sources. architecture as a potential target. The basic tasks required in NFV brings several benefits [2] such as reducing CAPEX the virtualization substrate are instantiation of new network and OPEX, promoting flexibility and innovation of the virtual functions, migration and switching. These basic tasks are network functions already implemented. Moreover, it has been strongly dependent on the underlying network configuration introduced as a new networking facility that poised to amend and topology in a way that makes them tributary of the network the core structure of telecommunication infrastructure to be conditions. -
Security Guide Security Guide SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4 Security Guide Security Guide SUSE Linux Enterprise Server 12 SP4 Introduces basic concepts of system security, covering both local and network security aspects. Shows how to use the product inherent security software like AppArmor or the auditing system that reliably collects information about any security-relevant events. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its aliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof. Contents About This Guide xvi 1 Available Documentation xvi 2 Giving Feedback xviii 3 Documentation Conventions xviii 4 Product Life Cycle -
Integrationofscientificandenginee
Integraton of scientfc and engineering applicatons into CERN’s computng resources Markus Jylhänkangas Bachelor’s thesis May 2019 Informaton and communicaton technology Degree Programme in Sofware Engineering Description Author(s) Type of publication Date Jylhänkangas, Markus Bachelor’s thesis May 2019 Language of publication: English Number of pages Permission for web publi- 47 cation: x Title of publication Integration of scientific and engineering applications into CERN’s computing resources Degree programme Software Engineering Supervisor(s) Kokkonen, Tero Rantonen, Mika Assigned by CERN Abstract Following CERN’s strategy to consolidate all computing resources under Linux, it was planned to move the Windows HPC service to Linux-based infrastructure. The scientific and engineering applications that were running under Windows HPC were therefore assigned to be migrated to Linux HPC and HTC environments. The main objective is the migration of engineering applications to Linux-based computing resources. The first objective for the migration was to design a strategy to carry out the mi- gration by identifying potential risks and select target service HPC or HTC, to make efficient use of resources. Second objective was to implement templates, plugins and necessary changes to the HTC and HPC infrastructure. Migration was also going to be tested and vali- dates with users. The migration was implemented by first installing the applications on the Linux resources. Template script were written to submit applications to HPC or HTC. Modification to HPC were made with Puppet to make it possible to run the applications As a result, the applications were migrated to either HPC or HTC resources and the Win- dows HPC was deprecated. -
Security and Hardening Guide Security and Hardening Guide SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server 15 SP1 Security and Hardening Guide Security and Hardening Guide SUSE Linux Enterprise Server 15 SP1 Introduces basic concepts of system security, covering both local and network security aspects. Shows how to use the product inherent security software like AppArmor, SELinux, or the auditing system that reliably collects information about any security-relevant events. Supports the administrator with security-related choices and decisions in installing and setting up a secure SUSE Linux Enterprise Server and additional processes to further secure and harden that installation. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its -
Open Source Licenses
Threat Protection System v5.1.0 Open Source Licenses The TippingPoint Threat Protection System (TPS) devices use open source components. Many open source license agreements require user documentation to contain notification that the open source software is included in the product. For inquiries about acquiring license code, contact support. The following agreements are for software that this product includes or may include: • "BIND License Agreement" on page 9 • "boost License Agreement" on page 10 • "coreutils License Agreement regarding coreutils & libmspack" on page 11 • "corosync License Agreement" on page 20 • "cpputest License Agreement" on page 21 • "License Agreement regarding dbus; ecryptfs-utils; gdb; glibc; gptfdisk; ipset; keyutils; libcgi; libnih; libstatgrab; linux; lm-sensors; lttng; mxml; net-tools; open-vm-tools; pam-tacplus; rng-tools; RRDTool; syslog-ng; upstart & util-linux" on page 22 • "gSoap License Agreement" on page 26 • "host-sflow License Agreement" on page 33 • "ipmitool License Agreement" on page 38 • "jitterentropy-rngd License Agreement" on page 39 • "libpcap License Agreement" on page 40 • "libxml License Agreement" on page 41 • "NTP License Agreement" on page 42 • "OpenSSH License Agreement" on page 43 • "License Agreement regarding OpenSSL & openssl-fips" on page 49 • "qDecoder License Agreement" on page 52 • "shadow License Agreement" on page 53 • "tcpdump License Agreement" on page 55 TippingPoint acknowledges that the following open source components may be used in this product: • Adaptive Public License