1

I'm running citrix xen server on a server with two nic each with dedicated public ip and the management interface is directly connected to the www and protected with iptables that allow connections only from my static remote ip.

My question is, I can install the open source Ossec ids http://www.ossec.net/ in the dom0 for a best protection and mail notifications?

Anyone have experience about a software like ossec within citrix xenserver environment?

Best regards.

1 Answer 1

0

It's probably possible (after all, dom0 is based on a very stripped down Centos - probably just a bunch of extra dependencies to install), but I wouldn't do it. Almost all sources I've read advise strongly against installing anything in dom0. dom0 the base of everything and if something goes wrong in dom0, your entire system, all vm's will suffer.

As a side note, I'd have a hard time sleeping with my management interface exposed to the internet (even with an ip filter), and I'd strongly advise you to put a decent firewall in front of it and use a vpn type connection to work with the management interface. And installing ossec on that firewall appliance would make more sense as well.

1
  • Thanks for your answer. I already know about the importance to have a decent firewal on the management interfaces but it can be a little expensive. I use a low cost server that not give an hardware firewall to do this.
    – Open Space
    Commented Sep 12, 2015 at 15:38

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .