The virt-what script will identify many different types of hypervisors and container technologies. It's pre-packaged for most major Linux distributions (e.g. apt-get install virt-what or yum install virt-what) and its output is suitable for use in shell scripts. It correctly performs its detection from inside the virtual guest.
Current types of virtualization detected:
- hyperv Microsoft Hyper-V
- kvm Linux Kernel Virtual Machine (KVM)
- lxc Linux Containers
- openvz OpenVZ or Virtuozzo
- powervm_lx86 IBM PowerVM Lx86 Linux/x86 emulator
- qemu QEMU (unaccelerated)
- uml User-Mode Linux (UML)
- virtage Hitachi Virtualization Manager (HVM) Virtage LPAR
- virtualbox VirtualBox
- virtualpc Microsoft VirtualPC
- vmware VMware
- xen Xen
- xen-dom0 Xen dom0 (privileged domain)
- xen-domU Xen domU (paravirtualized guest domain)
- xen-hvm Xen guest fully virtualized (HVM)
The Puppet tool uses virt-what internally to determine the type of virtualization in use, so if you are using Puppet, you already have this installed.
On Linux, it is possible to look for tell-tale signs of virtualisation depending on the type of hypervisor used. You can typically start by looking in /proc/cpuinfo for the CPU type. Some hypervisors report fake CPU types such as "QEMU Virtual CPU". If it is running VZ, you can find /proc/user_beancounters that reports resource usage. With Xen, you will find a
So, it is possible to guess if you are running under some sort of virtualisation.
There are things that were looked at by the antivirus companies for detecting blue pill virus variants.
Basically it's extremely hard for a VM to match the real time clock with the CPU counters. If you have access to install a driver, you should be able to put the system into no interrupts and watch the counters. If you have a virtualised system then your clock will drift in chunks when the VM is switched out by the hypervisor (which is supposedly impossible based on the interrupt bit).
Look for steal cpu cycles. You can get this in top for example. "If your VM displays a high %st in top (steal time), this means CPU cycles are being taken away from your VM to serve other purposes."
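The /proc checks and the steal-time hint described in the answers above, as an added shell example that is not part of the original posts or of virt-what. The function names are hypothetical, and the field order of the aggregate "cpu" line in /proc/stat is taken from proc(5); file paths are parameters so the checks can be run against constructed samples.

```shell
#!/bin/sh
# Added example (hypothetical helper names). These are hints, not proof:
# a hypervisor can pass through the host CPU model and hide steal time.

# cpu_model_hint CPUINFO: "virtual" if a model name advertises a virtual CPU
# (e.g. "QEMU Virtual CPU"), otherwise "unknown".
cpu_model_hint() {
    if grep -i '^model name' "$1" | grep -qi 'virtual cpu'; then
        echo virtual
    else
        echo unknown
    fi
}

# openvz_hint BEANCOUNTERS: "openvz" if the OpenVZ/Virtuozzo accounting file exists.
openvz_hint() {
    if [ -e "$1" ]; then echo openvz; else echo unknown; fi
}

# steal_pct STAT_BEFORE STAT_AFTER: integer %st between two /proc/stat snapshots.
# Aggregate line: cpu user nice system idle iowait irq softirq steal guest guest_nice
steal_pct() {
    awk '$1 == "cpu" {
             total = 0
             for (i = 2; i <= 9; i++) total += $i   # guest time is already in user
             if (seen++) { t1 = total; s1 = $9 } else { t0 = total; s0 = $9 }
         }
         END {
             d = t1 - t0
             if (d <= 0) { print 0 } else { printf "%d\n", (s1 - s0) * 100 / d }
         }' "$1" "$2"
}

# Live use: two snapshots one second apart, then report all three hints.
report_live() {
    tmp=$(mktemp -d) || return 1
    cat /proc/stat > "$tmp/a"; sleep 1; cat /proc/stat > "$tmp/b"
    echo "cpu model: $(cpu_model_hint /proc/cpuinfo)"
    echo "openvz:    $(openvz_hint /proc/user_beancounters)"
    echo "steal:     $(steal_pct "$tmp/a" "$tmp/b")%"
    rm -rf "$tmp"
}

if [ "${1:-}" = "live" ]; then report_live; fi
```

Run it with the argument live inside the guest to sample the real /proc files; without an argument it only defines the functions.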