
===============================================================
== openVZ
===============================================================
# Debian Lenny
# http://wiki.openvz.org/Installation_on_Debian
# http://wiki.openvz.org/Basic_operations_in_OpenVZ_environment
# http://linuxhostingsupport.net/blog/howto-add-iptable-modules-on-a-vps

# Configurar o VirtualBox
Settings > System > Processor > Enabled PAE/NX

# Instalar os pacotes
apt-get install linux-image-openvz-686
apt-get install linux-source-2.6.26 vzctl vzquota

# Checar a instalação
reboot
uname -r
ps ax | grep vzmond
ifconfig venet0

# Configurar
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
kernel.sysrq = 1
net.ipv4.conf.eth0.proxy_arp = 1
sysctl -p

ln -s /var/lib/vz /vz
cd /opt
wget http://download.openvz.org/contrib/template/precreated/debian-5.0-i386-minimal.tar.gz
mv /opt/debian-5.0-i386-minimal.tar.gz /var/lib/vz/template/cache/debian5.tar.gz

# Create and start a container
# RAM is 4k pages, so 131072*4k = 512M
vzctl create 1 --ostemplate debian5
vzctl set 1 --ipadd 192.168.1.4 --save
vzctl set 1 --nameserver 200.204.0.10 --save
vzctl set 1 --diskspace 4G:4G --save
vzctl set 1 --save --vmguarpages 131072
vzctl set 1 --save --oomguarpages 131072
vzctl set 1 --save --privvmpages 131072:196608
vzctl start 1
vzctl exec 1 ps ax

# Enter to and exit from the container
vzctl enter 1
exit

# Stop and destroy the container
vzctl stop 1
vzctl destroy 1

# Modulos do iptables

modprobe ipt_MASQUERADE
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_state
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe tun
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_limit
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_REJECT
vzctl stop 1
vzctl set 1 --iptables ipt_REJECT --save
vzctl set 1 --iptables ipt_tos --save
vzctl set 1 --iptables ipt_TOS --save
vzctl set 1 --iptables ipt_LOG --save
vzctl set 1 --iptables ip_conntrack --save
vzctl set 1 --iptables ipt_limit --save
vzctl set 1 --iptables ipt_multiport --save
vzctl set 1 --iptables iptable_filter --save
vzctl set 1 --iptables iptable_mangle --save
vzctl set 1 --iptables ipt_TCPMSS --save
vzctl set 1 --iptables ipt_tcpmss --save
vzctl set 1 --iptables ipt_ttl --save
vzctl set 1 --iptables ipt_length --save
vzctl set 1 --iptables ipt_state --save
vzctl set 1 --iptables iptable_nat --save
vzctl set 1 --iptables ip_nat_ftp --save
vzctl start 1

# Configurar a rede
vzctl enter 1
ifconfig venet0 up
ifconfig venet0 192.168.1.4 netmask 255.255.255.0
route add default gw 192.168.1.1
echo "nameserver 200.204.0.138" >> /etc/resolv.conf
echo "m1" > /etc/hostname
vi /etc/network/interfaces
auto venet0
iface venet0 inet static
address 192.168.1.4
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameserver 200.204.0.10 200.204.0.138

===============================================================
== Ambiente de trabalho
===============================================================
# Download
mkdir /opt/_medias
cd /opt/_medias

wget 200.145.161.15/mysql-5.0.86-linux-i686.tar.gz
wget 200.145.161.15/jdk-6u16-linux-i586.bin
wget 200.145.161.15/glassfish-installer-v2ur2-b04-linux.jar
# Nota: estes arquivos são baixados por HTTP sem verificação de integridade; conferir o checksum (ex.: sha256sum) contra um valor obtido de fonte confiável antes de executar os instaladores.

# Java
chmod +x jdk-6u16-linux-i586.bin
./jdk-6u16-linux-i586.bin
mv jdk1.6.0_16 ../

# Variaveis de ambiente
vi /etc/profile
export JAVA_HOME=/opt/jdk1.6.0_16
export PATH=$PATH:$JAVA_HOME/bin:$MYSQL_HOME/bin

# Glassfish
java -Xmx128m -jar glassfish-installer-v2ur2-b04-linux.jar -console
mv glassfish /opt
cd /opt/glassfish
chmod -R +x lib/ant/bin
lib/ant/bin/ant -f setup.xml

# MySQL
apt-get install mysql-server-5.0
mysql -u root -py34lmjwl
mysql -u root -p
quit
# Nota: a senha informada junto de -p fica exposta no histórico do shell e na lista de processos; preferir a forma com prompt (mysql -u root -p) e não manter a senha nestas anotações.

# Datas
mv /etc/localtime /etc/localtime-bkp
ln -s /usr/share/zoneinfo/America/Sao_Paulo /etc/localtime

===============================================================
== Ataque Hacker
===============================================================
# Create and start a container
# RAM is 4k pages, so 131072*4k = 512M
vzctl create 2 --ostemplate debian5
vzctl set 2 --ipadd 192.168.1.5 --save
vzctl set 2 --nameserver 200.204.0.10 --save
vzctl set 2 --diskspace 4G:4G --save
vzctl set 2 --save --vmguarpages 131072
vzctl set 2 --save --oomguarpages 131072
vzctl set 2 --save --privvmpages 131072:196608
vzctl start 2
vzctl enter 2
ifconfig venet0 up
echo "m2" > /etc/hostname
vi /etc/network/interfaces
auto venet0
iface venet0 inet static
address 192.168.1.5
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameserver 200.204.0.10 200.204.0.138
reboot
vzctl enter 2
apt-get install nmap

===============================================================
== Teste Firewall
===============================================================
# apt-get install logwatch
# apt-get install fwlogwatch

===============================================================
== POST FORUM
===============================================================
Olá pessoal, sou novo com openVZ e CSF então me desculpem qualquer informação desnecessária.
Eu estou com o mesmo problema em um outro provedor.
Enquanto aguardo a resposta do suporte técnico deste provedor montei meu próprio ambiente pra testar e entender melhor o problema.
Segui mais ou menos esses passos:

1 - Criei uma máquina virtual com SO Debian 5.0

2 - Instalei os pacotes necessários para utilizar a openVZ
apt-get install linux-image-openvz-686
apt-get install linux-source-2.6.26 vzctl vzquota

3 - Criei uma máquina para testes
vzctl create 1 --ostemplate debian5
vzctl set 1 --ipadd 192.168.1.4 --save
vzctl set 1 --nameserver 200.204.0.10 --save
vzctl set 1 --diskspace 4G:4G --save
vzctl set 1 --save --vmguarpages 131072
vzctl set 1 --save --oomguarpages 131072
vzctl set 1 --save --privvmpages 131072:196608
vzctl start 1
vzctl enter 1

4 - Instalei o CSF
cd /opt/
wget h t t p ://www.configserver.com/free/csf.tgz
tar -zxvf csf.tgz
cd csf
sh install.sh

5 - Ao testar a instalação é reportado que não tem todos os módulos necessários
perl /etc/csf/csftest.pl

6 - Desliguei a máquina e adicionei os módulos
vzctl stop 1
modprobe ipt_MASQUERADE
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_state
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe tun
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_limit
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_REJECT
vzctl stop 1
vzctl set 1 --iptables ipt_REJECT --save
vzctl set 1 --iptables ipt_tos --save
vzctl set 1 --iptables ipt_TOS --save
vzctl set 1 --iptables ipt_LOG --save
vzctl set 1 --iptables ip_conntrack --save
vzctl set 1 --iptables ipt_limit --save
vzctl set 1 --iptables ipt_multiport --save
vzctl set 1 --iptables iptable_filter --save
vzctl set 1 --iptables iptable_mangle --save
vzctl set 1 --iptables ipt_TCPMSS --save
vzctl set 1 --iptables ipt_tcpmss --save
vzctl set 1 --iptables ipt_ttl --save
vzctl set 1 --iptables ipt_length --save
vzctl set 1 --iptables ipt_state --save
vzctl set 1 --iptables iptable_nat --save
vzctl set 1 --iptables ip_nat_ftp --save
vzctl start 1

7 - Efetuei o teste novamente e tudo ocorreu bem
vzctl start 1
perl /etc/csf/csftest.pl

Sem mais,
Silvio Candido
