Skip to main content
Solved

Preparing Redhat Linux Server as Hardened Repository


what is the correct permission to give backup repository:

Ubuntu document its mention chmod 700 and in the redhat its 2775, which one is correct permission, kindly suggest. Appreciate if i get preparation process steps for redhat linux 8.x version for veeam 12.1  

Best answer by catchme.arul

catchme.arul wrote:
Chris.Childerhose wrote:
catchme.arul wrote:
coolsport00 wrote:

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Linux, see here.

is it mandatory to use Raid6/raid60 for data?

 

It is not mandatory no it depends on your server configuration but RAID5/6 would be best.  Or at least some RAID for redundancy of data.

yes, the requirement is met and I used R5 for more capacity requirements. need to change the permission and other settings then i have to add the repository into backup server.

tomorrow i will workaround this and update.

I am from india, now its 11:47pm here ….

 

Hi Chris,

I changed the permission to 700 and tested backup, restore and delete job. its working

Thank you

View original
Did this topic help you find an answer to your question?

27 comments

coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 3969 comments
  • March 12, 2024

Permissions in the Veeam User Guide falls under Ubuntu section, but setting folder permissions is a universal setting, not an OS-specific setting...at least I’m pretty sure. I’ve trained on RH-based systems, but have Debian-based (Ubuntu) systems in-house...so I’m pretty sure that’s accurate, as I’ve configured folder/file permissions on both OSes the same way. Can you share where you got the RedHat config from?

I recommend following permissions configuration as recommended in the Veeam User Guide.


Chris.Childerhose
Forum|alt.badge.img+21
  • Veeam Legend, Veeam Vanguard
  • 8126 comments
  • March 12, 2024

Follow this guide it is 3 parts and will explain how to set up the VHR - Veeam Hardening Linux Repository – Part 1 | StarWind Blog (starwindsoftware.com)


  • Author
  • Comes here often
  • 12 comments
  • March 12, 2024
example given like below for redhat:[root@repo10 mnt]# chmod 2775 backup

I have configured on ubuntu earlier without any challenges. However in this redhat looks different


  • Author
  • Comes here often
  • 12 comments
  • March 12, 2024
Chris.Childerhose wrote:

Follow this guide it is 3 parts and will explain how to set up the VHR - Veeam Hardening Linux Repository – Part 1 | StarWind Blog (starwindsoftware.com)

Hi Chris,

Thanks for your information. However, I need the procedure for redhat linux 8.x. I need it for my new requirement which is redhat linux.


  • Author
  • Comes here often
  • 12 comments
  • March 12, 2024

should I follow the same procedure in redhat from ubuntu , will it support


Chris.Childerhose
Forum|alt.badge.img+21
  • Veeam Legend, Veeam Vanguard
  • 8126 comments
  • March 12, 2024

Try this page - chattr Command Examples to Change File Attributes (Make files immutable) – The Geek Diary

You can use the “chattr” command in RHEL to set the Immutability flag for files/directories.  Scroll down for folders.


Chris.Childerhose
Forum|alt.badge.img+21
  • Veeam Legend, Veeam Vanguard
  • 8126 comments
  • March 12, 2024
catchme.arul wrote:

should I follow the same procedure in redhat from ubuntu , will it support

It technically should support it but I tend to work with Ubuntu more and never tried RHEL with the same process.


coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 3969 comments
  • March 12, 2024

@catchme.arul - ok...but where did you see that configuration specific for Veeam? If it’s not in the User Guide, then Veeam doesn’t recommend it. Again..the permission configuration shown in the user guide is linux-agnostic. Veeam recommends full user/owner permissions (a ‘7’), then no permissions for groups or others octels (both are ‘0s’). The fourth octel configuration, though I’ve seen it before, is not a needed permission to configure.


  • Author
  • Comes here often
  • 12 comments
  • March 12, 2024

coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 3969 comments
  • March 12, 2024
catchme.arul wrote:

should I follow the same procedure in redhat from ubuntu , will it support

Yes...the cmds provided in the Guide are linux-agnostic. The main difference is the package manager tool used. And, there are some package names required which are slightly different based on OS type.


  • Author
  • Comes here often
  • 12 comments
  • March 12, 2024
coolsport00 wrote:
catchme.arul wrote:

should I follow the same procedure in redhat from ubuntu , will it support

Yes...the cmds provided in the Guide are linux-agnostic. The main difference is the package manager tool used. And, there are some package names required which are slightly different based on OS type.

thank you for your update, let me follow and work around with ubuntu procedure in redhat linux. I have configured ubuntu based hardended server couple of times.


Chris.Childerhose
Forum|alt.badge.img+21
  • Veeam Legend, Veeam Vanguard
  • 8126 comments
  • March 12, 2024
catchme.arul wrote:
coolsport00 wrote:
catchme.arul wrote:

should I follow the same procedure in redhat from ubuntu , will it support

Yes...the cmds provided in the Guide are linux-agnostic. The main difference is the package manager tool used. And, there are some package names required which are slightly different based on OS type.

thank you for your update, let me follow and work around with ubuntu procedure in redhat linux. I have configured ubuntu based hardended server couple of times.

Let us know how it goes but it should work this way as well.


coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 3969 comments
  • March 12, 2024
catchme.arul wrote:

Thank you for sharing that. So, the 4th octel, represented by the 1st digit, sets the setuid and/or setgid, representing letting either a user or a group to run executable and make changes. You can read more about it here. I’m not sure why that RH Solutions Architect placed those permissions on the directory used for the Repo. Those permissions are not configured in the User Guide. And, the permissions he adds are less restrictive than what Veeam suggests to configure.


  • Author
  • Comes here often
  • 12 comments
  • March 12, 2024
Chris.Childerhose wrote:
catchme.arul wrote:

should I follow the same procedure in redhat from ubuntu , will it support

It technically should support it but I tend to work with Ubuntu more and never tried RHEL with the same process.

chris,

Myself also worked with ubuntu, but the new case require redhat OS. I have done with some part, and have doubt with setting differs between ubuntu and redhat


Chris.Childerhose
Forum|alt.badge.img+21
  • Veeam Legend, Veeam Vanguard
  • 8126 comments
  • March 12, 2024
catchme.arul wrote:
Chris.Childerhose wrote:
catchme.arul wrote:

should I follow the same procedure in redhat from ubuntu , will it support

It technically should support it but I tend to work with Ubuntu more and never tried RHEL with the same process.

chris,

Myself also worked with ubuntu, but the new case require redhat OS. I have done with some part, and have doubt with setting differs between ubuntu and redhat

Try the Ubuntu commands as it should work.  You may need to tweak them for RHEL.


  • Author
  • Comes here often
  • 12 comments
  • March 12, 2024
coolsport00 wrote:
catchme.arul wrote:

Thank you for sharing that. So, the 4th octel, represented by the 1st digit, sets the setuid and/or setgid, representing letting either a user or a group to run executable and make changes. You can read more about it here. I’m not sure why that RH Solutions Architect placed those permissions on the directory used for the Repo. Those permissions are not configured in the User Guide. And, the permissions he adds are less restrictive than what Veeam suggests to configure.

Yes, my doubt is also same. let me cross check with ubuntu and correct permission as per user guide


coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 3969 comments
  • March 12, 2024

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Hardened Repo, see here.


  • Author
  • Comes here often
  • 12 comments
  • March 12, 2024
coolsport00 wrote:

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Linux, see here.

is it mandatory to use Raid6/raid60 for data?

 


  • Author
  • Comes here often
  • 12 comments
  • March 12, 2024

thank you all for your updates,

Let me try this tomorrow and validate


Chris.Childerhose
Forum|alt.badge.img+21
  • Veeam Legend, Veeam Vanguard
  • 8126 comments
  • March 12, 2024
catchme.arul wrote:
coolsport00 wrote:

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Linux, see here.

is it mandatory to use Raid6/raid60 for data?

 

It is not mandatory no it depends on your server configuration but RAID5/6 would be best.  Or at least some RAID for redundancy of data.


coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 3969 comments
  • March 12, 2024
catchme.arul wrote:
coolsport00 wrote:

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Linux, see here.

is it mandatory to use Raid6/raid60 for data?

 

No. Which RAID you use is dependent upon your org requirements and/or preferences. But using RAID60 you get the benefit of dual-disk failure redundancy (RAID6) and best performance (RAID10).


coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 3969 comments
  • March 12, 2024
catchme.arul wrote:

thank you all for your updates,

Let me try this tomorrow and validate

Sure...let us know how it goes.


  • Author
  • Comes here often
  • 12 comments
  • March 12, 2024
Chris.Childerhose wrote:
catchme.arul wrote:
coolsport00 wrote:

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Linux, see here.

is it mandatory to use Raid6/raid60 for data?

 

It is not mandatory no it depends on your server configuration but RAID5/6 would be best.  Or at least some RAID for redundancy of data.

yes, the requirement is met and I used R5 for more capacity requirements. need to change the permission and other settings then i have to add the repository into backup server.

tomorrow i will workaround this and update.

I am from india, now its 11:47pm here ….

 


  • Author
  • Comes here often
  • 12 comments
  • Answer
  • March 14, 2024
catchme.arul wrote:
Chris.Childerhose wrote:
catchme.arul wrote:
coolsport00 wrote:

Ok..let us know how it goes @catchme.arul 

Make sure you review the requirements needed for your distribution

See Repo requirements here. And, for Linux Requirements and Limitations for Linux, see here.

is it mandatory to use Raid6/raid60 for data?

 

It is not mandatory no it depends on your server configuration but RAID5/6 would be best.  Or at least some RAID for redundancy of data.

yes, the requirement is met and I used R5 for more capacity requirements. need to change the permission and other settings then i have to add the repository into backup server.

tomorrow i will workaround this and update.

I am from india, now its 11:47pm here ….

 

Hi Chris,

I changed the permission to 700 and tested backup, restore and delete job. its working

Thank you


coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 3969 comments
  • March 14, 2024

Great to hear....worked as I thought it would. Following the User Guide instructions as suggested won't steer you wrong 😊