freeVSD Enables Safe Experimentation
I work in an environment where software developers and system administrators with varying capabilities aggressively and routinely use Linux. We frequently explore new applications but sometimes hesitate to actually initiate an installation because we lack confidence in the software. Our concern is that rogue software might disrupt essential services on production servers. In extreme cases, it is even possible that a poorly written installer might corrupt a workstation's operating system installation.
Typically, implementing even a slightly complicated application that interacts with the web server requires installing the application, adding a new user (for suid operation), adding lines to httpd.conf, restarting the web server and creating and manipulating files in root-owned places like /etc or /usr/local/. All of this has to be undone if we later decide not to put the system into production use. While uninstall scripts can assist in this, these scripts could fail, leaving the system in an indeterminate state.
freeVSD is a GPL product initially conceived to enable an ISP to provide virtual server hosting. It can also transform a stock Red Hat installation into a powerful, low-cost testing environment. freeVSD works by simulating up to 250 full-featured private servers. Hard links to system files facilitate compact and homogeneous environments for each virtual server. Logins to the virtual servers are restricted via the native chroot facility, effectively creating a secure sandbox.
Now, we can experiment recklessly, hand the keys over to inexperienced juniors or casually grant root privileges to strangers, with little concern for negative consequences.
From the system administrator's standpoint, freeVSD enables you to create multiple self-sufficient systems, each with its own administrative account and the ability to manage user accounts, as well as the ability to configure their own web services, mail services, database server—a “Lite” version of Linux, if you will.
freeVSD was originally developed for an ISP in the United Kingdom and has been under development for three years. Based on mailing list archives, freeVSD seems popular and well supported. Questions are answered quickly, either by users or the developers.
Many significant functions of each virtual server can be administered by a rootlike account named Admin. For example, the Admin account can add users, manipulate their privileges, make changes to httpd.conf, restart various aspects of the server and so on.
Installing freeVSD can be a bit tricky. You need to be especially careful if you intend to restore the hostsystem back to its original configuration. As always, it is imperative to back up anything you are not comfortable with catastrophically losing. According to the web site, support for Debian, Mandrake and Slackware is forthcoming, but so far only Red Hat 6.x and 7.x. are officially supported. Version 1.4.6 introduces support for Red Hat 7.0, but Red Hat 6.2 seems to have more of the kinks worked out.
It is recommended that freeVSD be installed on a nearly pristine system. Start with a freshly installed Red Hat 6.2. Then decide whether you want any special server software available, such as MySQL, Postgres or PHP. Apply patches. Ideally, all applications should be installed before configuring freeVSD. Note that freeVSD works quite well under VMware, which might prevent a bit of stress during the first few installs. You'll probably need around 800MB of free disk space to accommodate the filesystem skeleton.
I assume you have or can obtain a FQDN or dedicated IP number for your first virtual host (freeVSD uses IP aliases). Of course, you need to be sure to obtain permission from whomever is in charge of your network before engaging in behavior that might be considered aggressive.
Then choose a name for your first virtual host. A good idea might be the hostname, (e.g., “myhost” if your FQDN is myhost.mydomain.com) or the domain name (mydomain), if you are providing hosting for multiple domains.
Here's an overview of the freeVSD install process, described in detail by the file /usr/doc/freevsd-x.y.z/user-guide.txt.
Install main RPM (e.g., freevsd-1.4.6-2.i386.rpm).
Install pkgs RPM (e.g., freevsd-pkgs-1.4.6-1.i386.rpm).
Run /usr/sbin/vsd-genskel.pl (several hundred megabytes will be copied during this process, so be patient). It is simple to customize this installation process. The file /etc/freevsd.conf provides several customization opportunities to specify files to include and exclude during skeleton generation. Red Hat 7.x users may need to tweak /etc/xinetd.conf and/or restart xinetd at this point.
Create first virtual host with a command such as /usr/sbin/vsdadm vs_create localhost name-of-virtual-server IP-of-Virtual-Server FQDN-of-virtual-server 200 0.
Execute batch by running /usr/sbin/vsd-vsbatch.pl.
Start the virtual server(s) with vsboot --start.
Try out the virtual shell with /usr/bin/bevs -r [name of virtual] (become the virtual shell).
Set the administrative password with passwd -u admin.
Exit the virtual shell by typing exit.
At this point, assuming nothing went wrong, you will have a functioning virtual server to which you may connect via Telnet or FTP.
To uninstall, stop all virtual servers with /usr/sbin/vsboot --stop. Next, optionally delete existing virtual hosts with
/usr/sbin/vsdadm vs_delete localhost myhost
Then, run /usr/sbin/vsd-uninstall.pl to restore configurations and optionally delete files. Take care to answer these questions correctly the first time as you won't get a second chance, and you will have to restore configurations manually. Finally, remove the pkgs and main RPMs.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- The Humble Hacker?
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- The Death of RoboVM
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- ACI Worldwide's UP Retail Payments
- Open-Source Project Secretly Funded by CIA
- Varnish Software's Hitch
- New Container Image Standard Promises More Portable Apps
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide