Configuring Ransomware Protection for DR Backup Folders on Linux

You can configure ransomware protection for the DR backup folders on a local or network path on a Linux CommServe.

Before You Begin

Review the system requirements for ransomware protection.

Procedure

  1. Log on to the CommServe computer.

  2. Go to the /opt/commvault/MediaAgent64 directory.

  3. To enable the ransomware protection, run the following command:

    ./cvsecurity.py enable_protection -i I**nstanceID

    where InstanceID is the ID of the instance. For example, Instance001.

  4. Reboot the computer for the ransomware protection to take effect.

    The reboot operation is required only when you enable the protection for the first time.

  5. If you did not reboot the system, to load the Commvault SELinux policy, complete the following steps:

    1. Go to the /opt/commvault/MediaAgent64 directory.

    2. To load the Commvault SELinux policy, run the restart_cv_services command.

      ./cvsecurity.py restart_cv_services -i InstanceID

What to Do Next

When the disk library or the DR export location is set as a NFS or CIFS share, you must trigger the cvsecurity.py tool and then mount these locations with the context type as 'cvstorage_t' to enable protection from ransomware attacks. For more information, see Red Hat documentation, Mounting an NFS Volume.

Results

  • The software logs the activities of the ransomware protection in the /var/log/cvsecurity.log file.

  • The software logs any unauthorized activities in the /var/log/audit/audit.log file.

Loading...