Skip to main content
Sign in

CloudLinux Knowledge Base

  1. CloudLinux
  2. Imunify Security Products
  3. Troubleshooting

Imunify360 support for Virtuozzo containers

Gleydson Soares
  • Updated

 

Imunify360 does support Virtuozzo containers, however, it requires the Linux Kernel with support to IP sets, and the ipset utility to be used to set up, maintain and inspect so-called IP sets in the Linux kernel.

Virtuozzo has virtualized the in-kernel IP sets support in version 7 with kernel 3.10.0-327.10.1.vz7.12.8 or later, so that, it might be supported inside their containers. 

 

If you try to install imunify360 on a Virtuozzo container and get the following error, it means that your current Virtuozzo kernel does not meet the requirement of the IP sets support:

 

"Your OS virtualization technology openvz has limited support for ipset in containers."

"ipset v7.1: Cannot open session to kernel."

 

It is required to update to Virtuozzo 7, kernel 3.10.0-1160.80.1.vz7.191.4, or newer the most recent release.

 

However, if you noticed that the kernel matches the requirements and ipset does not work, make sure of enabling the Netfilter support in the container by following the steps on the host server:

 

Stop the container:

vzctl stop container_id

Enable the Netfilter support:

vzctl set container_id --netfilter full --save

Start the container:

vzctl start container_id

 

Yet if you notice some errors as follows:

ipset: error while loading shared libraries: libipset.so.11: cannot open shared object file: No such file or directory

or

ipset not found

 

Your container does not have the ipset utility and libraries installed. You should install it by using your distro package manager or by reinstalling the Imunify360 using the latest installer script.

How to update the ipset packages:

# yum install ipset-libs
# yum install ipset*

By default, the latest imunify360 installer already checks and installs the required packages for ipset utility and dependencies:

wget https://repo.imunify360.cloudlinux.com/defence360/i360deploy.sh

bash i360deploy.sh --key YOUR_KEY

 

Support for ImunifyAV+:

The imunifyAV+ does not use ipset functionality, it's a malware scanner and cleanup, so it does work on any Virtuozzo version.

 

More information at:

Virtuozzo 7.0 supports `ipset` management in containers as the result of the request PSBM-24537, https://virtuozzosupport.force.com/s/article/000014921

Bugs OpenVZ, OVZ-5736, ipset netfilter extension, https://bugs.openvz.org/browse/OVZ-5736

 

Comments

0 comments

Please sign in to leave a comment.

Related articles