Solved

Preparing Redhat Linux Server as Hardened Repository


Userlevel 3

what is the correct permission to give backup repository:

Ubuntu document its mention chmod 700 and in the redhat its 2775, which one is correct permission, kindly suggest. Appreciate if i get preparation process steps for redhat linux 8.x version for veeam 12.1  

icon

Best answer by catchme.arul 14 March 2024, 07:48

View original

27 comments

Userlevel 7
Badge +17

Permissions in the Veeam User Guide falls under Ubuntu section, but setting folder permissions is a universal setting, not an OS-specific setting...at least I’m pretty sure. I’ve trained on RH-based systems, but have Debian-based (Ubuntu) systems in-house...so I’m pretty sure that’s accurate, as I’ve configured folder/file permissions on both OSes the same way. Can you share where you got the RedHat config from?

I recommend following permissions configuration as recommended in the Veeam User Guide.

Userlevel 7
Badge +21

Follow this guide it is 3 parts and will explain how to set up the VHR - Veeam Hardening Linux Repository – Part 1 | StarWind Blog (starwindsoftware.com)

Userlevel 3
example given like below for redhat:[root@repo10 mnt]# chmod 2775 backup

I have configured on ubuntu earlier without any challenges. However in this redhat looks different

Userlevel 3

Follow this guide it is 3 parts and will explain how to set up the VHR - Veeam Hardening Linux Repository – Part 1 | StarWind Blog (starwindsoftware.com)

Hi Chris,

Thanks for your information. However, I need the procedure for redhat linux 8.x. I need it for my new requirement which is redhat linux.

Userlevel 3

should I follow the same procedure in redhat from ubuntu , will it support

Userlevel 7
Badge +21

Try this page - chattr Command Examples to Change File Attributes (Make files immutable) – The Geek Diary

You can use the “chattr” command in RHEL to set the Immutability flag for files/directories.  Scroll down for folders.

Userlevel 7
Badge +21

should I follow the same procedure in redhat from ubuntu , will it support

It technically should support it but I tend to work with Ubuntu more and never tried RHEL with the same process.

Userlevel 7
Badge +17

@catchme.arul - ok...but where did you see that configuration specific for Veeam? If it’s not in the User Guide, then Veeam doesn’t recommend it. Again..the permission configuration shown in the user guide is linux-agnostic. Veeam recommends full user/owner permissions (a ‘7’), then no permissions for groups or others octels (both are ‘0s’). The fourth octel configuration, though I’ve seen it before, is not a needed permission to configure.

Userlevel 3

I refer the following link for redhat hardening

https://www.redhat.com/en/blog/veeam-ransomware-protection-rhel-immutable-repository

Userlevel 7
Badge +17

should I follow the same procedure in redhat from ubuntu , will it support

Yes...the cmds provided in the Guide are linux-agnostic. The main difference is the package manager tool used. And, there are some package names required which are slightly different based on OS type.

Userlevel 3

should I follow the same procedure in redhat from ubuntu , will it support

Yes...the cmds provided in the Guide are linux-agnostic. The main difference is the package manager tool used. And, there are some package names required which are slightly different based on OS type.

thank you for your update, let me follow and work around with ubuntu procedure in redhat linux. I have configured ubuntu based hardended server couple of times.

Userlevel 7
Badge +21

should I follow the same procedure in redhat from ubuntu , will it support

Yes...the cmds provided in the Guide are linux-agnostic. The main difference is the package manager tool used. And, there are some package names required which are slightly different based on OS type.

thank you for your update, let me follow and work around with ubuntu procedure in redhat linux. I have configured ubuntu based hardended server couple of times.

Let us know how it goes but it should work this way as well.

Userlevel 7
Badge +17

Thank you for sharing that. So, the 4th octel, represented by the 1st digit, sets the setuid and/or setgid, representing letting either a user or a group to run executable and make changes. You can read more about it here. I’m not sure why that RH Solutions Architect placed those permissions on the directory used for the Repo. Those permissions are not configured in the User Guide. And, the permissions he adds are less restrictive than what Veeam suggests to configure.

Userlevel 3

should I follow the same procedure in redhat from ubuntu , will it support

It technically should support it but I tend to work with Ubuntu more and never tried RHEL with the same process.

chris,

Myself also worked with ubuntu, but the new case require redhat OS. I have done with some part, and have doubt with setting differs between ubuntu and redhat

Userlevel 7
Badge +21

should I follow the same procedure in redhat from ubuntu , will it support

It technically should support it but I tend to work with Ubuntu more and never tried RHEL with the same process.

chris,

Myself also worked with ubuntu, but the new case require redhat OS. I have done with some part, and have doubt with setting differs between ubuntu and redhat

Try the Ubuntu commands as it should work.  You may need to tweak them for RHEL.

Userlevel 3

Thank you for sharing that. So, the 4th octel, represented by the 1st digit, sets the setuid and/or setgid, representing letting either a user or a group to run executable and make changes. You can read more about it here. I’m not sure why that RH Solutions Architect placed those permissions on the directory used for the Repo. Those permissions are not configured in the User Guide. And, the permissions he adds are less restrictive than what Veeam suggests to configure.

Yes, my doubt is also same. let me cross check with ubuntu and correct permission as per user guide

Userlevel 7
Badge +17

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Hardened Repo, see here.

Userlevel 3

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Linux, see here.

is it mandatory to use Raid6/raid60 for data?

 

Userlevel 3

thank you all for your updates,

Let me try this tomorrow and validate

Userlevel 7
Badge +21

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Linux, see here.

is it mandatory to use Raid6/raid60 for data?

 

It is not mandatory no it depends on your server configuration but RAID5/6 would be best.  Or at least some RAID for redundancy of data.

Userlevel 7
Badge +17

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Linux, see here.

is it mandatory to use Raid6/raid60 for data?

 

No. Which RAID you use is dependent upon your org requirements and/or preferences. But using RAID60 you get the benefit of dual-disk failure redundancy (RAID6) and best performance (RAID10).

Userlevel 7
Badge +17

thank you all for your updates,

Let me try this tomorrow and validate

Sure...let us know how it goes.

Userlevel 3

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Linux, see here.

is it mandatory to use Raid6/raid60 for data?

 

It is not mandatory no it depends on your server configuration but RAID5/6 would be best.  Or at least some RAID for redundancy of data.

yes, the requirement is met and I used R5 for more capacity requirements. need to change the permission and other settings then i have to add the repository into backup server.

tomorrow i will workaround this and update.

I am from india, now its 11:47pm here ….

 

Userlevel 3

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Linux, see here.

is it mandatory to use Raid6/raid60 for data?

 

It is not mandatory no it depends on your server configuration but RAID5/6 would be best.  Or at least some RAID for redundancy of data.

yes, the requirement is met and I used R5 for more capacity requirements. need to change the permission and other settings then i have to add the repository into backup server.

tomorrow i will workaround this and update.

I am from india, now its 11:47pm here ….

 

Hi Chris,

I changed the permission to 700 and tested backup, restore and delete job. its working

Thank you

Userlevel 7
Badge +17

Great to hear....worked as I thought it would. Following the User Guide instructions as suggested won't steer you wrong 😊

Comment