1

I run an IPv4 server in a Fedora virtual machine. This server hosts a git service for a group of developers and is open to the internet. As a consequence, it is confronted to hacking attempts (mainly from Ukraine and China). I'd like to reduce its exposition to unwanted access to improve security of the host machine (access to the VM opens access to the virtual bridge then to the LAN and exposes the physical local machines).

To limit risks, the server has a very minimal configuration: base OS, git, shell but no compilers. Only ssh is open through the firewall. The fact that ssh service is on an unusual port does not add any security, as shown by the attempts.

Presently security relies on strong passwords.

Filtering on source IP in the host system before forwarding to the VM does not work well (partly because all connections seem to come from the box) and may not be desirable because some contributors have dynamic IPs.

The VM firewall has a white list (local LAN and some contributors) but I'm not sure if other connections really get drop or reject (I'd prefer drop) or are allowed through.

To protect the VM, I'd like to switch it on only on certain time slots, e.g. 00UTC to 01UTC after agreement with the developers.

Question How to schedule shutdown every day? gives a clue for switching off a VM.

  • However, how does that translate for a systemd machine without an /etc/rc.local ?

The VMs are automatically started when the host system boots. I want to change that to defer VM activation.

  • Would a cron job with a virsh start <domain> be a good idea?

The above mentioned question recommends the KISS principle. Is there a better way to do it?

As an alternative, could the firewall be programmed with time slots so that it drops incoming packets outside the time window and accepts them only during the set time interval?

Configuration: Fedora 28, KVM/QEMU, systemd Several servers on different local systems with dispatching from the first physical machine hit from the internet. Servers may be real or virtual machines. The latter case introduces another level of forwarding.

ajlittoz
  • 175

3 Answers3

1

For the VM shutdown, the cron could be used in VM: I'm not convinced why this could be a bad thing assuming you want it daily.

However, to answer your question, you could alternatively create a systemd service for the purpose of shutdown -h ( see https://www.linux.com/blog/learn/intro-to-linux/2018/5/writing-systemd-services-fun-and-profit )

Now for the startup, I would definitely use a cron with virsh.

tonioc
  • 2,069
  • I've experimented with crontab (host side) both to start and stop VM and crontab host-side to start VM and systemd VM-side to stop VM. Which solution is the safest, file integrity wise? – ajlittoz Jun 24 '18 at 16:55
  • I don't believe there is a safety implication in using one or other solution. The shutdown will in both cases send a kill signal to all processes, which should let time for closing all files. You can however stop your application processes before sending the shutdown command (in both cases). – tonioc Jun 25 '18 at 09:10
  • Note: I'm using the cron way for a while to periodically reboot some server, without issue. – tonioc Jun 25 '18 at 09:14
0

If the setup of your vm is correct , you can trigger a shutdown from the master with virsh .

From man virsh

shutdown domain [--mode MODE-LIST]
       Gracefully shuts down a domain.

So in the crontab , you can have a setup for the shutdown , and another one for restart .

if virsh shutdown MYVM does not work check if you have acpid installed in your vm .

EchoMike444
  • 3,165
  • Works that way. From a practical point of view what is preferable: 2 commands in crontab with "absolute" time-of-days or 1 command in host crontab to start VM and 1 systemd in VM with a duration before shutdown? Single maintenance location or two? Versatlity to change start time or update both times? – ajlittoz Jun 24 '18 at 17:18
0

If you wanna protect against hacking or rather limit its consequences then I suggest

  1. to separate the virtual disks for the OS and the data

  2. to shut down the VM from the outside

     virsh shutdown domain; sleep 60; virsh destroy domain

  3. reinitialize the OS disk

Hauke Laging
  • 90,279