Virtually Anywhere

So, I'm taking a network security class and one of the assignments is to come up with some sort of security related research project. I decided to do my project on getting a number of Operating Systems working in Virtual Machines (VMs) and then seeing if I could run various security scanners on them. I described the networking side of the project (getting bridging mode working for qemu) in my earlier article Virtually There. I had originally assumed that getting the guest operating systems working would be the easy part. Boy was I wrong.

Besides my existing, working VM for Windows 2000 Professional, the only other OSs that were actually easy to set up were a VM for Windows XP Home Edition and the VM for CentOS 5. All of the other operating systems I was interested in getting working in a VM took doing varying amounts of violence to the CentOS 5.2 installation on my workstation.

If the need arises, I will provide additional details as to the steps required for each of the following operating systems. In the mean time, I will provide a fairly short description.

Fedora Core 10 - Would run with incessant disk I/O errors under the stock CentOS 5.2 version of qemu. Solved this by grabbing the latest qemu source and rebuilding it. The rebuild also required grabbing the latest version of SDL and building it before qemu would build. Finally, I had to pull the latest kernel source from kernel.org, build a clean kernel and the rebuild and install both qemu and SDl. At this point Fedora Core 10 worked as expected with the caveat that I could not get the display to work at any finer resolution than 800x600. This last problem was solved only when I got a VM for CentOS 5 working and was able to copy /etc/X11/xorg.conf from the CentOS VM to the same directory for the Fedora Core VM.

Building and installing a custom kernel is not a big deal since each version of the kernel installs to a separate set of files in /boot and directory tree for the modules. Mind you, your custom kernel may or may not work, may not work correctly with other packages on your system, etc. but at least it shouldn't kill your existing installation. As for the non-kernel packages, make sure they install under /usr/local. At least one package wanted to install under /usr which would have potentially overwritten the CentOS version. If this isn't controlled by the configuration program, you can always edit the Makefile.

Ubuntu 8.10 - Setting up Ubuntu 6.10 was basically identical to setting up Fedora Core 10, right down to the problems. Luckily, the same fixes worked for the corresponding problems.

CentOS 4.3 - I had hoped the an older version of CentOS would be easier to get working. Wrong again. I was finally able to get CentOS 4.X working by updating my 4.3 installation to the current version, 4.7, and then getting the display settings worked out by the same method as above, copying my xorg.conf file. Getting the mouse to work was the worst but I was finaaly able to determine the device it was attaching as and, finally, I had a mouse.

Windows Server 2003 - Getting Server 2003 working was actually fairly easy, too. Afterall, it's just the server version of Windows XP.

Windows Vista Home Premium and Windows Server 2008 - Just like Server 2003 and XP are "twins", so are Vista and Server 2008. Neither operating system would install regardless of qemu, SDL or kernel version. The installation would proceed through the text "Loading Files" screen before giving me a "stopped" blue screen. After quite a bit of searching I decided to see if a later version of KVM would help. This seemed to solve the problem and now both Vita Home Premium and Server 2008 will run quite happily in a qemu VM.

Sever 2008 seems to still be more the a little fragile. I have had several segmentation fault crashes. It seems to have become more stable now that I have installed the pending updates and "activated" the system. It reamins to be seen whether the VMs will be robust enough for me to do security and penetration testing. I can say that the VMs respond as expected to both namp and nessus scans.

The hardest part on Server 2008 was getting it to take the product key. I could have sworn that I enterred the product key provided by DreamSpark.com when I performed the installation but I kept getting "activation" reminders. Attempting to activate Server 2008, in turn, got me a cryptic error message ("A problem occurred when Windows tried to activate. Error code 0x8007232B"). The "more information" button hinted at some non-specific DNS problem and Googling for alternative causes of the problem indicated that the problem could be caused becuase Javascript was disabled (which it was in the "Enhanced Security" mode that the Administrator run Internet Explorer in under Server 2008). This didn't fix the problem but more Googling turned up this blog article which is what actually turned out to be the problem.

One other quirk of getting both the Server 2008 and Vista VMs working was getting any network connectivity. Neither come with drivers for qemu's default NIC, the NE2000. Vista at least recognizes it as an ethernet controller but does not come with a preconfigured driver. Server 2008 seems to completely ignore the existence of the NE2K NIC. The workaround is to specify the Realtek NIC when starting qemu:

qemu -usb -usbdevice tablet -hda winSev2008.img -m 1024 -localtime \
-net nic,model=rtl8139 -net tap,ifname=tap0,script=no &

An oddity of qemu is that this only really works as expected in bridging mode. Only specifying "-net nic,model=rtl8139" without the bridge parameters results in qemu assuming you also want a VLAN. This could probably be made to work by setting up an appropriate VLAN but is not at all expected.

Cheers,
Dave