-
June 24th, 2007, 05:30 AM
#1
Senior Member
Solaris/Snare VMs
Hi
I am in project which requires to build 3 VMWare virtual machines. One for each of Solaris 10, 9 and 8 (in that order).
Each VM should be configured with the Snare Agent for Solaris which should be configured for C2-level security auditing.
In addition to the VM's, it's important to construct an implementation/setup document that describes how to install and configure Snare as well as the Solaris C2 auditing (noting where it might be different per OS version).
Snare for Solaris can be used as a stand-alone auditing tool, or send data via UDP to a syslog server. For this project, it should be configured to log locally, but the documentation should clearly indicate where/how to configure it to send to a syslog server.
So how to go about that???
-
June 24th, 2007, 06:58 PM
#2
Get an ESX server and load her up. Then load all the hosts on it..
-
June 25th, 2007, 01:28 AM
#3
Originally Posted by oofki
Get an ESX server and load her up. Then load all the hosts on it..
Did you just tell him to go out and spend $5K so that he can run 3 VMs?
I would say that VMWare Workstation is the ultimate solution here, however given the extraordinary price they are charging for Workstation these days, VMWare Server would be enough... given the cost of a server capable of running ESX ($5K) and the cost of licensing, it's neither realistic or feasible.
As phish said, the easiest thing to do is just write down everything you do... keep a log of every command you type, every box you check and then "translate" those commands into plain english (or language of your choice). Remember to keep track of options, if you are creating documentation, one of the key aspects to the process is to document possible options at each step, which options you recommend, which options are possible and any options that may break later steps.
-
June 25th, 2007, 02:37 AM
#4
But I work for EMC. I had to say that lol.
-
June 27th, 2007, 08:49 AM
#5
IIRC VMWare only supports Solaris 10 but YMMV.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 27th, 2007, 11:05 AM
#6
Originally Posted by oofki
But I work for EMC. I had to say that lol.
No. You don't have to say that.
I would suggest VMware Server (it supports 9 and 10). It's free and it's designed to handle small number of servers. And while it only "supports" those, you'll probably find others have run on it (SirDice: supports is only if someone needs help from VMware to get a system up and running; doesn't mean you can't run earlier or later versions).
This might help in regards to the syslog setup: http://www.aboutdebian.com/syslog.htm
Last edited by MrLinus; June 27th, 2007 at 11:09 AM.
-
June 27th, 2007, 11:56 AM
#7
Ahh yes I forgot about the server. It is free. They yanked desktop that used to be free and give out that instead.
-
June 27th, 2007, 01:03 PM
#8
Originally Posted by oofki
Ahh yes I forgot about the server. It is free. They yanked desktop that used to be free and give out that instead.
Desktop? Try GSX. That was a paid product but they made it free. Made more sense in regards to small businesses that don't quite need the power of ESX but that Workstation isn't sufficient for.
OOfki, which area of EMC do you work for?
-
June 27th, 2007, 05:02 PM
#9
Originally Posted by MsMittens
(SirDice: supports is only if someone needs help from VMware to get a system up and running; doesn't mean you can't run earlier or later versions).
Ah.. I never said it didn't work, it's just not supported, so there's no guarantee it will work 100%.. Hence YMMV (your mileage may vary )
And with regards to workstation or server. Workstation is aimed at developers. It has some nice API hooks to control the VMs. You can create something in Visual Studio and instantly push it to a VM. You can create multiple snapshots of a VM and make changes, revert to a selected snapshot. Collaboration (share VMs) etc. You can even record everything a VM does and replay it (6.0). These things aren't in server.
ESX is aimed at enterprises, it has neat things like VMOTION.
Last edited by SirDice; June 27th, 2007 at 05:13 PM.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 27th, 2007, 06:05 PM
#10
Originally Posted by SirDice
Ah.. I never said it didn't work, it's just not supported, so there's no guarantee it will work 100%.. Hence YMMV (your mileage may vary )
And with regards to workstation or server. Workstation is aimed at developers. It has some nice API hooks to control the VMs. You can create something in Visual Studio and instantly push it to a VM. You can create multiple snapshots of a VM and make changes, revert to a selected snapshot. Collaboration (share VMs) etc. You can even record everything a VM does and replay it (6.0). These things aren't in server.
ESX is aimed at enterprises, it has neat things like VMOTION.
Not yet they ain't
And yes, Vmotion is neat but requires shared storage (storage vmotion is supposed to be a one-time thing) and VC to run it. VI3 has a whole whack of neat things (e.g, HA, DRS, etc.) .. and even more for the future.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|