secure ovirt hosts 4.0
This is a multi-part message in MIME format. --------------8A9CC3171E84CB827C191781 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: quoted-printable Hello, i need secure my hosts runining ovirt (vdsm-4.18.4.1-0) over=20 centos 7, this because oVirt installed on a minimal install of centos=20 7x, could helpme by sending all required ports enabled for hosts. pd. selinux=3Ddisabled, firewalld=3Denabled Thanks for the help *Rafael Almeida Orellana * --------------8A9CC3171E84CB827C191781 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>Hello, i need secure my hosts runining ovirt (vdsm-4.18.4.1-0) over centos 7, this because oVirt installed on a minimal install of centos 7x, could helpme by sending all required ports enabled for hosts.</p> <p>pd. selinux=disabled, firewalld=enabled</p> <p>Thanks for the help<br> </p> <p><b>Rafael Almeida Orellana </b><br> </p> <div class="moz-signature"> <br> </div> </body> </html> --------------8A9CC3171E84CB827C191781--
On Mon, Jul 11, 2016 at 7:10 PM, Rafael Almeida < ralmeida@prefecturaloja.gob.ec> wrote:
Hello, i need secure my hosts runining ovirt (vdsm-4.18.4.1-0) over centos 7, this because oVirt installed on a minimal install of centos 7x, could helpme by sending all required ports enabled for hosts.
pd. selinux=disabled, firewalld=enabled
- We configure the firewall already for all required ports. - How is disabling selinux making anything more secure? Y. Thanks for the help
*Rafael Almeida Orellana *
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On Tue, Jul 12, 2016 at 10:22 AM, Yaniv Kaul <ykaul@redhat.com> wrote:
On Mon, Jul 11, 2016 at 7:10 PM, Rafael Almeida <ralmeida@prefecturaloja.gob.ec> wrote:
Hello, i need secure my hosts runining ovirt (vdsm-4.18.4.1-0) over centos 7, this because oVirt installed on a minimal install of centos 7x, could helpme by sending all required ports enabled for hosts.
For _hosts_, you can see the default iptables configuration that is configured if you choose so when adding a host, buy running: engine-config -g IPTablesConfig You can also customize this by setting the config key IPTablesConfigSiteCustom, which is empty by default.
pd. selinux=disabled, firewalld=enabled
firewalld is not supported yet for hosts, see this: https://bugzilla.redhat.com/show_bug.cgi?id=995362
- We configure the firewall already for all required ports.
Indeed, if you choose so, which is the default. Of course you can choose not to, and configure iptables by other means, thus also limiting access to specific address ranges etc.
- How is disabling selinux making anything more secure?
Indeed...? Best,
Y.
Thanks for the help
Rafael Almeida Orellana
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Didi
participants (3)
-
Rafael Almeida -
Yaniv Kaul -
Yedidyah Bar David