Collaborate Disseminate
My host is Fedora, and I want to add an extra layer of protection against 0day KVM/QEMU exploits that execute code on the host. For example there have been CVEs where if we run a specially crafted malicious windows executable on the window… Continue reading Can I use SELinux to add an extra layer of protection against 0-day VM escape exploits in KVM/QEMU?
Switching inputs between desktops seems like something that should be simple but can prove to be a pain in reality. [Hrvoje Cavrak] decided to take maters into his own hands …read more Continue reading Building a Better Keyboard and Mouse Switch
I’m currently working on a server. This server is meant to be converged, as in be my storage server and the place publicly accessible services run on. Services like some API’s in docker or k8s and maybe an occasional game server.
There are… Continue reading Security considerations and differences between Bare metal and Virtualization
I worry about 2 things:
how to restrict access to guests via VNC? I guess, it can be possible if you disable VGA "lspci"-device (which is shown via lspci)
how to disable all other virtual PCI devices attached by KVM and prevent … Continue reading securing KVM (RedHat) VPS [duplicate]
A KVM is a great tool for administering a number of different computers without cluttering one’s desk with extra peripherals, or for having to re-connect the keyboard, video, and mouse …read more Continue reading Pi-Cast Adds ATX Signalling To KVM
Many of us will have the problem of several computers on the same desk, and to avoid clutter we’ll use a KVM switch to share the peripherals. [The Turbanned Engineer] …read more Continue reading Three Computers, One Keyboard With USB Triplexer
I try to attest my vm running on a kvm+qemu host using qmp and this command:
echo ‘{ "execute": "qmp_capabilities" }\n{"execute":"query-sev-attestation-report","arguments":{"mnonce&quo… Continue reading Qemu: SEV: Failed to query the attestation report length ret=-22 fw_err=0 ()
I am in the process of setting up a KVM host, the machine will be directly exposed to the Internet, with no hardware firewall.
I would like to know how to secure it on the network side, so far I have two ideas in mind:
Harden the host as m… Continue reading Best way to protect a KVM host
I know other people asked about this question but I am having issues following the advice given.
I am trying to copy and paste from the Host machine to a KVM /QVMU virtual machine. The advice given was to install spice-agent. When I inst… Continue reading kvm copy paste with SPICE [closed]
My questions:
What good practices do you use for security on KVM servers?
How do you protect Host OS from Guest OS (networking, cpu, memory)?
How do you isolate Guest OS so that other Guest OSs are protected / isolated? in both books, as … Continue reading What good practices do you use to secure KVM servers Host OS from Guest OS?