You can configure ransomware protection for the DR backup folders on a local or network path on a Linux CommServe.
Before You Begin
Review the system requirements for ransomware protection.
Procedure
-
Log on to the CommServe computer.
-
Go to the /opt/commvault/MediaAgent64 directory.
-
To enable the ransomware protection, run the following command:
./cvsecurity.py enable_protection -i I**nstanceID
where InstanceID is the ID of the instance. For example, Instance001.
-
Reboot the computer for the ransomware protection to take effect.
The reboot operation is required only when you enable the protection for the first time.
-
If you did not reboot the system, to load the Commvault SELinux policy, complete the following steps:
-
Go to the /opt/commvault/MediaAgent64 directory.
-
To load the Commvault SELinux policy, run the restart_cv_services command.
./cvsecurity.py restart_cv_services -i InstanceID
-
What to Do Next
When the disk library or the DR export location is set as a NFS or CIFS share, you must trigger the cvsecurity.py tool and then mount these locations with the context type as 'cvstorage_t' to enable protection from ransomware attacks. For more information, see Red Hat documentation, Mounting an NFS Volume.
Results
-
The software logs the activities of the ransomware protection in the /var/log/cvsecurity.log file.
-
The software logs any unauthorized activities in the /var/log/audit/audit.log file.