
Thread: How to Set Up and Secure Ubuntu as a Virtualization Host

  1. #1
    Join Date
    Aug 2024
    Beans
    7

    How to Set Up and Secure Ubuntu as a Virtualization Host

    Hello Ubuntu Community,

    I'm planning to use Ubuntu as a virtualization host for my organization's infrastructure and would appreciate some advice on the following:

    Setting Up Ubuntu as a Virtualization Host:

    • Which Ubuntu version and configurations are best suited for hosting virtual machines?
    • What are the recommended virtualization technologies to use on Ubuntu (e.g., KVM, LXD, OpenStack), and what are the pros and cons of each?
    • Are there any detailed guides or resources that explain how to set up and manage a virtualization environment on Ubuntu?


    Security Best Practices:
    • What are the best practices for securing an Ubuntu-based virtualization host?
    • Any tips on hardening the system to protect against potential threats?
    • Can anyone recommend tools or services for monitoring and maintaining security on an Ubuntu virtualization host?


    I'd greatly appreciate any insights, documentation, or links to relevant resources that can help me ensure a secure and efficient setup.

    Thanks in advance for your help!

    Best, Thomas

    [Edit/update]
    First of all, I am not an LLM, but ChatGPT has been used to improve the quality of the question. You could argue that it did not work.

    Let me try a more specific question instead:

    We are evaluating using Ubuntu for a virtualization host and expecting up to a maximum of 15 hosts. We are using the CIS hardening benchmark to harden the Ubuntu guests (and hosts). We are not limited in the choice of virtualization and can use KVM, OpenStack etc., but we need to document that we are hardening and securing it using best practice, and we cannot find any authoritative source for hardening and/or securing it.

    Can everyone provide authoritative references? Or at least good references?
    Last edited by tlkristensen; September 2nd, 2024 at 11:02 AM.

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: How to Set Up and Secure Ubuntu as a Virtualization Host

    You are asking very big questions that all depend on many aspects of your deployment. Pick one specific security issue and ask about that. Use specific tools and specific threats, because a home server that is never accessed from outside needs to be secured completely differently than a server the military runs that is internet facing.

    There are standards for how a military server should be configured. They are not for beginners and will break some parts of most server deployments. Those take years to be worked up and released, so I think 20.04 is the newest specification that is complete. 22.04 was due out this year, but when I looked a few months ago, it wasn't yet available.

    Anyway, there is foundational knowledge that is required first to understand any of this. I think Bob Toxen's book, Real World Linux Security: Intrusion Protection, Detection, and Recovery, is a good introduction still, even though it is over 20 yrs old. There aren't "best practices" for securing random hosts doing random things. It depends on the server workload.

    Details change constantly, so very few of those guides exist since they will become out of date in less than 1 yr when things change.

    With all that said, my #1 security technique is still daily, automatic, versioned, backups that are "pulled" from the system, never "pushed." Good backups with sufficient retention periods are mandatory. For high risk servers, I keep over a year of these backups. As the risk for a system is reduced, the number might get down to 90 days, but no lower. Sometimes nobody notices issues for a few months.

    How many physical and virtual instances are you thinking about? There are options that have lots of hassles until you have 20 physical servers and hundreds of virtual systems.

    I've been deploying Linux servers for nearly 30 yrs. I would caution anyone against using the current Ubuntu servers for LXD, because Canonical only provides it as a snap package, which introduces lots of good things, but also many hassles. There are times when I feel I don't really have control over my lxc instances managed by lxd. Debian would be a better choice for those, I hate to say. If you really care about security, perhaps deploying on RHEL would make the most sense? There are some core security features in RHEL systems that aren't in Debian/Ubuntu systems. Just something to consider.

    And don't forget. All the details will be different in a year.

  3. #3
    currentshaft Guest

    Re: How to Set Up and Secure Ubuntu as a Virtualization Host

    s
    Last edited by currentshaft; September 3rd, 2024 at 04:02 AM.

  4. #4
    Join Date
    Mar 2014
    Location
    Germany
    Beans
    16
    Distro
    Xubuntu

    Re: How to Set Up and Secure Ubuntu as a Virtualization Host

    It sounds like you miss the basics.

    Go with Proxmox, rock solid and under the hood it's Debian.

  5. #5
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: How to Set Up and Secure Ubuntu as a Virtualization Host

    Originally posted by currentshaft:
    > My man writing novels for AI bots over here.
    >
    > "Thomas" is clearly an LLM. I really don't understand why so much AI generated spam is tolerated here.

    I type really fast.

    It isn't clear to me. Perhaps you'd be kind enough to create a post on recognizing those posts? If it is so clear, that should be easy? Bet the forum managers would appreciate any guidance too. Perhaps they could add a filter before posts are accepted?

  6. #6
    Join Date
    Mar 2010
    Location
    /home
    Beans
    9,692
    Distro
    Xubuntu

    Re: How to Set Up and Secure Ubuntu as a Virtualization Host

    I tend to agree with TheFu on this one.

    Sometimes it is fairly obvious if text is AI generated.

    I do not see this here.

    Please enlighten us: what gives it away?

    I also don't think it is fair to suggest that the staff are letting users get away with this type of content.

    Spammers are sometimes very clever and it is not always so clear.

    Also, please consider using the Report Post button in future. You can leave a brief description of what content you find problematic. That way, more than one staff member will see the report and can respond to it.

    Bear in mind that staff are on at different times and some only monitor certain sub-forums. But if you use the Report Post feature, more people will see your report.
    Last edited by Rubi1200; August 28th, 2024 at 04:06 PM.

  7. #7
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: How to Set Up and Secure Ubuntu as a Virtualization Host

    Originally posted by Rubi1200:
    > I tend to agree with TheFu on this one.

    A first post in these forums with correct advanced edits is a bit odd.

    Bold headers and bullet points? Is that it? Or is AI trying to get humans to solve a question that has been asked, but to which it cannot find an obviously acceptable answer? "Why" answers are always harder than "how" or "what to type" answers when sufficient details are provided. Some background has to be assumed in the reader, which is almost always incorrect.

    Or perhaps the answer is never respond to a user with only 1 post? How would any user feel welcomed if nobody responds, ever?

  8. #8
    currentshaft Guest

    Re: How to Set Up and Secure Ubuntu as a Virtualization Host

    ai
    Last edited by currentshaft; September 2nd, 2024 at 02:01 AM. Reason: censorship

  9. #9
    Join Date
    Apr 2024
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: How to Set Up and Secure Ubuntu as a Virtualization Host

    Originally posted by Rubi1200:
    > Spammers are sometimes very clever and it is not always so clear.

    I have almost two decades' experience as a moderator and also as an administrator in a variety of forums (although hoping to reduce to one or two private ones). In all this time I've never really come across any such thing as a "clever spammer" - I've always thought that to be an oxymoron. They tend to be quite the opposite - dumb as hell. And LLM generated spam also tends to stick out like a sore thumb IME. I can almost smell spammers/spam bots. Including the "sleepers". Yeah, spammers try all sorts of 'tricks' with placing their spam, like hiding it by making it the same colour as the background, 'hiding' it in a full stop, placing it in quoted text from a previous post, and a whole lot more. Whatever they try, it doesn't get past me.

    Sometimes, just sometimes, I might be inclined to give a post the benefit of the doubt but keep a very close eye on it. Sometimes it does turn out perfectly innocent and legit, but most times the stench did prove too strong.

    In this particular case, I'm inclined to give the benefit of the doubt, with a 50/50 weighting. Let's wait and see.

    [Edit] Didn't see that last post by currentshaft, which went up after I'd started on this post. Well, there we have it. It is a stinking bot! [/Edit]
    Last edited by werewulf75; August 31st, 2024 at 03:16 AM.

  10. #10
    Join Date
    Aug 2024
    Beans
    7

    Re: How to Set Up and Secure Ubuntu as a Virtualization Host

    Thanks for the feedback.

    I have a very good understanding of the concepts and processes needed to support it, as well as the constant changes in this area.

    I have looked at the CIS hardening benchmarks to start hardening the OS, but they do not include guidance on hardening KVM or LXD. But based on your feedback, I should look at Red Hat and KVM, correct?

    CIS has a hardening guide for Red Hat but none for KVM. Can you point me towards good resources on this?
