Another step to harden access to the SQL database on the CommServe server is to change the default service ports. A default installation of SQL Server along with the Commvault software uses TCP port 1433 for client requests and communication. As the ports are well known and commonly attacked by hackers, you must change the TCP port set by SQL Server to your own customized port.
Procedure
-
Connect to the SQL Server instance using the sqlcmd utility and enter the password.
sqlcmd -S Hostname_of _Linux Computer -U saParameters:
-
S: Linux server hostname
-
U: SQL server username or sa username
-
-
View the current SQL server port.
SELECT local_tcp_port FROM sys.dm_exec_connections WHERE session_id = @@SPID GoThe current SQL server port appears.
-
Exit the SQL server session.
Exit -
Update the default Linux SQL server port to an available desired port.
In this example, the port is changed to 1648.
sudo /opt/mssql/bin/mssql-conf set network.tcpport 1648 -
Restart the SQL server.
systemctl restart mssql-server.service -
Reconnect to the SQL server instance using the new port in the sqlcmd utility and enter the password.
sqlcmd -S Hostname_of _Linux Computer,1648 -U saParameters:
-
S: Linux Server hostname
-
U: SQL server username or sa username
-
-
To the CommServe computer, add the additional settings as shown in the following table.
For instructions about adding an additional setting from the CommCell Console, see Adding or Modifying Additional Settings from the CommCell Console.
Additional setting
Category
Type
Value
Database
Integer
Enter the port number that you set for the CommServe SQL Server instance.
Database
Integer
Enter the port number that you set for the CommServe SQL Server instance.
Database
Integer
Enter the port number that you set for the CommServe SQL Server instance.
-
Restart all the Commserve services.
commvault restart -instance Instance001 -
For each remote web Server machine, perform steps 1 through 8.