You can configure ransomware protection for a Linux MediaAgent.
Note
The deduplication database, metadata drives, and index cache are currently not secured by ransomware protection.
Before You Begin
- 
Review the system requirements and the considerations for ransomware protection. 
- 
If any disk libraries or mount paths that are mounted are already present on the MediaAgent, you must take a backup of the /etc/fstab system file. Execute the following command: cp /etc/fstab /etc/fstab.backupfile
- 
Make a note of the instance ID of the MediaAgent computer. Execute the following command: commvault status
- 
You must set the MediaAgent on maintenance mode because the operations in the procedure require a reboot and perform unmount and mount of the disk libraries. 
- 
If the MediaAgent is a client computer, make sure that there are no active backup or restore operations running on the MediaAgent. 
- 
If the MediaAgent is on Ubuntu 20.04 operating system, you must disable apparmor service. Execute the following commands: # systemctl stop apparmor.service# systemctl disable apparmor.service
Procedure
- 
Login to your MediaAgent. 
- 
If the MediaAgent runs RHEL / CentOS 8.x kernel, then install Python 3.x version if it is not already present. Run the following command: ln -s /usr/bin/python3 /usr/bin/python
- 
Go to the /opt/commvault/MediaAgent64 directory. 
- 
To enable the ransomware protection, run the following command: ./cvsecurity.py enable_protection -i InstanceIDwhere InstanceID is the ID of the instance. For example, Instance001. 
- 
Reboot the MediaAgent for the ransomware Protection to take effect. The reboot operation is required only when you enable the protection for the first time. 
- 
After the MediaAgent is started successfully, go to the /opt/commvault/MediaAgent64 directory. 
- 
To load the Commvault SELinux policy, run the restart_cv_services command. ./cvsecurity.py restart_cv_services -i InstanceID
What to Do Next
If you create a library configured using local or external disk storage later, the library is protected from ransomware. However, if you create a shared library with the mount path on an NFS share, then you must configure ransomware protection for the library.
Results
- 
The software logs the activities of the ransomware protection in the /var/log/cvsecurity.log file. 
- 
The software logs any unauthorized activities in the /var/log/audit/audit.log file.