
I was wondering how I could set up a Hypervisor environment that boots an operating system in a sandboxed¹ mode, without relying on a (full blown) host (Dom0) operating system. The target application is implementing a physical², or "layer-0" honeypot³. Effectively the system should behave like your regular setup; listing the configured devices reports the actual hardware of the system; interfaces (network, USB, etc.) behave just normally; configuring the W-LAN is possible and so on. The major difference is that nothing is stored permanently.

With a Linux host OS one could use qemu-kvm with a CoW snapshotting hard-disk image that gets deleted after shutting down the VM. However, I'd like to avoid the host OS; a lightweight shim system that provides the storage virtualization and otherwise passes through the rest of the HW would be ideal.


[1]: Changes made within the virtualized environment are not permanent; after a reboot the system is reverted to its initial state.

[2]: Think of a kiosk system, or a machine pretending to be something interesting.

[3]: Hence trying to avoid having a host OS, which could be a giveaway. In a similar fashion I'd like to avoid a Live-CD ramdisk based system.

datenwolf
  • Windows can do this with [Native Boot](http://technet.microsoft.com/en-us/library/hh824872.aspx) vhd files, just make your vhd image and use [`bcdedit`](http://technet.microsoft.com/en-us/library/cc709667%28v=ws.10%29.aspx) to tell the bootloader to boot it. – Scott Chamberlain Jan 17 '15 at 21:24
  • This doesn't sound like the sort of thing that hypervisors are good at. You might want to look into software like [Deep Freeze](http://www.faronics.com/products/deep-freeze). I have never used it, so I can't say whether it's any good, but it gets mentioned here on Super User occasionally. – G-Man Says 'Reinstate Monica' Jan 17 '15 at 21:32
  • Maybe relevant: [Windows Software to Save Arbitrary Application State](http://superuser.com/q/230818/150988). – Scott - Слава Україні Mar 14 '15 at 06:41
  • @Scott: No not really. The question you linked about is "freezing" the state of a system (or application, which with some caveats, can be done, BTW; Linux cluster systems like OpenMOSIX built upon this). I on the other hand want exactly the opposite: I'd like to start an operating system in a way, that nothing "sticks". Using a VM this is trivial, but then the guest OS sees the VM environment. Which in the case of being used for a honeypot is a giveaway. – datenwolf Mar 14 '15 at 10:24
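The Linux-host alternative the question mentions (qemu-kvm with a copy-on-write overlay that is discarded at shutdown), written out as an added example; this is not from the question or any answer on this page. The base image path `BASE_IMG` and the overlay naming are assumptions for the script; the base image is never written to, every guest write lands in the overlay, and the overlay is removed on any exit.

```shell
#!/bin/sh
# Added example: boot a guest from a throw-away qcow2 overlay on a Linux host.
# Assumed: BASE_IMG points at a pristine, already-installed guest disk (qcow2).
set -eu

BASE_IMG="${BASE_IMG:-/var/lib/honeypot/base.qcow2}"   # assumed path, never modified
WORK_DIR="${WORK_DIR:-/tmp}"                             # where per-boot overlays live

# Path of the overlay for this boot. Must contain no whitespace, because the
# command line below relies on plain word splitting.
overlay_path() {
    printf '%s\n' "$WORK_DIR/honeypot-overlay-$$.qcow2"
}

# Create an empty qcow2 whose reads fall through to BASE_IMG while all writes
# stay in the overlay (qemu-img's backing-file mechanism, i.e. copy-on-write).
make_overlay() {
    overlay=$(overlay_path)
    qemu-img create -q -f qcow2 -b "$BASE_IMG" -F qcow2 "$overlay"
    printf '%s\n' "$overlay"
}

# Build the qemu-kvm invocation for a given overlay. Kept as a function so the
# arguments can be inspected (or tested) without launching a VM.
qemu_cmdline() {
    printf '%s\n' "qemu-system-x86_64 -enable-kvm -m 2048 -cpu host -drive file=$1,format=qcow2,if=virtio -nic user,model=virtio-net-pci"
}

# Delete an overlay; returns 0 even if it was already gone (idempotent cleanup).
cleanup_overlay() {
    rm -f "$1"
}

# Full cycle: create overlay, arm cleanup, run the guest, and drop the overlay
# on normal shutdown, Ctrl-C, or error, so nothing the guest wrote survives.
run_ephemeral() {
    overlay=$(make_overlay)
    trap 'cleanup_overlay "$overlay"' EXIT INT TERM
    # Unquoted substitution: word-split the command line into the qemu argv.
    $(qemu_cmdline "$overlay")
}

# Only launch the VM when explicitly asked, e.g.  RUN_VM=1 ./ephemeral-vm.sh
if [ "${RUN_VM:-0}" = 1 ]; then
    run_ephemeral
fi
```

Two practical notes: the base image should additionally be made read-only at the file-system level (`chmod a-w`) so that a mistake in the overlay setup cannot silently persist guest changes, and qemu's own `-snapshot` option achieves the same effect with an automatically created temporary file, at the cost of less control over where that file lives and when it is removed. Neither variant changes what the guest can observe: it still sees virtual devices, which is precisely the giveaway the question wants to avoid.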

0 Answers