Security Guest OS Notifications
The security module notifies the Guest OS of certain security breaches if the feature is enabled in the security config file. Depending on the Guest OS is used, the default notifications may appear in a slightly different format.
In order for notifications to be received by the Guest OS, the nvsecmsg application must be running on the Guest OS.
Firewall Notifications
Security notifications resulting from firewall alerts contain the following information:
Attack Interface: 0 - Ethernet (1 Byte)
Attack Detection Method: 1 - Firewall (4 Bytes)
Attack IP Source Port: (2 Bytes)
Attack IP Destination Port: (2 Bytes)
Attack IP Source Address: (4 Bytes) (network byte order)
Attack IP Destination Address: (4 Bytes) (network byte order)
DPI Notifications
Security notifications as a result of deep packet inspections (DPI) contain the following information:
Attack Interface: 0 - Ethernet (1 Byte)
Attack Detection Method: 2 - DPI (4 Bytes)
Attack IP Source Port: (2 Bytes)
Attack IP Destination Port: (2 Bytes)
Attack IP Source Address: (4 Bytes) (network byte order)
Attack IP Destination Address: (4 Bytes) (network byte order)
Linux Guest OS
Under Linux Guest OS, all notifications are printed to the user prompt. If an alert notification is received, it looks like this example for a DPI alert:
***********************************************
* WARNING: SECURITY DETECTED AN ATTACK (TCP/IP)
* SOURCE IP: 10.0.0.1:8550
* DEST IP: 192.168.10.4:37920
* ATTACK TYPE: 2
***********************************************
