Hardening the Xen Hypervisor Debian 9 DomU: A review of default packages and libraries

The threat of running unnecessary services on a system bloated with extra software is a less commonly discussed security concern. Yet enabled and listening services weaken the server’s defences by creating potential entry points for the attacker, as well as by providing resources for the attacker to use against other machines. The server hardening maxim we’re interested in today goes as follows: “Install only necessary software; delete or disable everything else.” With this topic in mind, our task is to examine how this technique applies to a Xen Project hypervisor DomU virtual machine running a paravirtualized Debian 9 operating system.