Login or Register to Ask a Question and Join Our Community


Cybersecurity

OpenVZ

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity OpenVZ
# 1  
Old 06-10-2014
OpenVZ
What do you think of OpenVZ? Would it be a good way to improve security on Linux web server? Is it as good as Solaris Zones?
thanks.
Login or Register to Ask a Question

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Server with OpenVZ virtualisation is not responding but VMs are OK

Server is accessible only via IPMI. SSH and web control panel is timeout. Takes several hours. Server dont have high load or suspicious processes. I checked /etc/hosts.deny and restarted ssh, but nothing :( (0 Replies)
Discussion started by: postcd
0 Replies

2. Virtualization and Cloud Computing

OpenVZ domains/sites stopped working after restore

Hello, i created .tgz backups of my vms using vzdump. I accidentally deleted vms, its files just disappeared i dont know how. So what i did is that i restored backups by vzdump, but result is that i can SSH into a VM etc, i can also use their IP to access control panel on VPS, BUT, domains not... (0 Replies)
Discussion started by: postcd
0 Replies

3. UNIX for Dummies Questions & Answers

Openvz installation fails

Hello, I have a problem So I want to install this openvz. I run command apt-get install linux-image-openvz-amd64 and after that I check whether everything went ok with uname -r. But it seems that openvz is nowhere to be found. Why is that? All I see is 2.6.32-5-xen-amd64. Also when I try to... (1 Reply)
Discussion started by: linas
1 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

vz.conf

vz.conf(5)							    Containers								vz.conf(5)

NAME

       vz.conf - global OpenVZ configuration file

SYNOPSIS

       /etc/vz/vz.conf

DESCRIPTION

       This is the global configuration file for OpenVZ.  It consists of lines in the form

       PARAMETER="value"

       All parameter names and values are case-sensitive.  Quotes surrounding value are required if value contains spaces, and are optional other-
       wise. Extra spaces are not allowed. All unrecognized lines will be ignored.

   Global parameters
       VIRTUOZZO=yes|no
	      This parameter can be set to yes or no, and used by the vz init script. In case it is not set to yes, nothing will be done  to  boot
	      up OpenVZ on this node.

       LOCKDIR=directory
	      Set the directory to put lock files to.

       VE0CPUUNITS=number
	      Value of this parameter sets cpuunits for CT0 (host system).

       LOGGING=yes|no
	      Enables or disables logging. This parameter can be set to yes or no, default is yes.

       LOGFILE=file
	      Set location of log file, default is /var/log/vzctl.log.

       LOG_LEVEL=number
	      Set  the	logging  level for the log file (does not affect console output).  The greater the number is, the more information will be
	      logged to the LOGFILE. Default is 0, which means to log normal messages and errors. If set to -1, only errors will be logged.

       VERBOSE=number
	      Set the logging level for console/terminal output (does not affect log file).  Default is 0, which means to log normal messages  and
	      errors.  Increasing the number makes vzctl(8) more verbose.

       MODULES_DISABLED=yes|no
	      If  the  value  of  this parameter is set to yes, no attempt to load kernel modules is made by the vz initscript. This is helpful on
	      systems which have OpenVZ-specific features compiled into the kernel (i. e. not as modules).

       IPTABLES_MODULES="module module ..."
	      List of iptables kernel modules to be loaded by vz initscript before loading OpenVZ modules (which is required for iptables to  work
	      inside containers). If not set, value of IPTABLES is used.

       VZFASTBOOT=yes|no
	      If  the  value  of  this	parameter is set to yes, vz initscript called with start argument will start the containers with uncleanly
	      shutdown quota state without performing quota reinitialization (which is usually a time-consuming process). After all the containers
	      are started, the initscript when restarts those containers with unclean quota in a normal way (to recalculate/fix quotas).

       TEMPLATE=directory
	      Value of this parameter is a directory in which all container template data are stored.

   Network interface parameters
       VE_ROUTE_SRC_DEV="device"
	      This  parameter  specifies the network device name which IP address will be used as the source IP. This is helpful in case more than
	      one network interface is configured on HN and there is a need to specify the source IP address. Default is the first device  in  the
	      network device list.

       NEIGHBOUR_DEVS="detect"
	      Controls	on  which  interfaces to add/remove ARP records for a container IP, also which interfaces to use to query/announce ARP. If
	      this is set to detect, the right network interface (the one which is in the same subnet as a CT IP) will	be  chosen  automatically.
	      Any other value restores old (as of vzctl 3.0.19 or older) behavior, when all the possible interfaces were used.

       ERROR_ON_ARPFAIL=yes|no
	      In case the value of this parameter is set to yes, vzctl will fail to start a container if there is another host with the same IP in
	      the subnet.  The value of no makes vzctl to only print the warning.

   Defaults for containers
       Below parameters are defaults for containers, and can be overwritten by parameters in ctid.conf(5) per-container configuration file.

       DISK_QUOTA=yes|no
	      In case the value of this parameter is set to no, all disk quota operations are disabled.

       VE_ROOT=directory
	      Value of this parameter is the directory which serves as container root mount point. Value must contain literal string $VEID,  which
	      will be substituted with the actual numeric CT ID.

       VE_PRIVATE=directory
	      Value  of  this  parameter is the directory in which all the files and directories specific to that container are stored. Value must
	      contain literal string $VEID, which will be substituted with the actual numeric CT ID.

       CONFIGFILE=name
	      Default configuration file for create action, corresponds to --config option.

       IPTABLES="module module ..."
	      List of iptables modules to be enabled for containers, corresponds to --iptables option.

       Most of the other parameters that appear in per-container configuration files ctid.conf(5) can be also set here. Still, it  is  recommended
       to  keep  TEMPLATE, VE_PRIVATE and VE_ROOT in this configuration file, and all the other container related parameters in per-container con-
       figuration files.

SEE ALSO

       vzctl(8), ctid.conf(5).

LICENSE

       Copyright (C) 2000-2011, Parallels, Inc. Licensed under GNU GPL.

OpenVZ								    28 Jun 2011 							vz.conf(5)