NetBackup™ 10.1.1 Application Guide
- Product overview
- Release notes
- Geting started
- Creating NetBackup application instances
- Managing NetBackup application instances
- Managing application instances from Flex Appliance and NetBackup
- Accessing NetBackup primary and media server instances for management tasks
- Managing users on a primary or a media server instance
- Running NetBackup commands on a primary or a media server application instance
- Monitoring NetBackup services on a NetBackup primary server instance
- Mounting an NFS share on a NetBackup primary server instance
- Setting environment variables on primary and media server instances
- Storing custom data on a primary or a media server instance
- Modifying or disabling the nbdeployutil utility on a primary server instance
- Disabling SMB server signing on a media server instance
- Enabling extra OS STIG hardening on a primary or a media server instance
- Using a login banner on a primary or a media server instance
- Using a primary server instance for disaster recovery
- Accessing NetBackup WORM storage server instances for management tasks
- Managing users from the deduplication shell
- Adding and removing local users from the deduplication shell
- Adding MSDP users from the deduplication shell
- Connecting an Active Directory domain to a WORM storage server for Universal Shares and Instant Access
- Disconnecting an Active Directory domain from the deduplication shell
- Changing a user password from the deduplication shell
- Managing VLAN interfaces from the deduplication shell
- Viewing the lockdown mode on a WORM storage server
- Managing the retention policy on a WORM storage server
- Managing images with a retention lock on a WORM storage server
- Auditing WORM retention changes
- Managing certificates from the deduplication shell
- Managing FIPS mode from the deduplication shell
- Encrypting backups from the deduplication shell
- Configuring an isolated recovery environment on a WORM storage server
- Managing an isolated recovery environment on a WORM storage server
- Tuning the MSDP configuration from the deduplication shell
- Setting the MSDP log level from the deduplication shell
- Managing NetBackup services from the deduplication shell
- Managing the cyclic redundancy checking (CRC) service
- Managing the content router queue processing (CRQP) service
- Managing the online checking service
- Managing the compaction service
- Managing the deduplication (MSDP) services
- Managing the Storage Platform Web Service (SPWS)
- Managing the Veritas provisioning file system (VPFS) mounts
- Managing the NGINX service
- Managing the SMB service
- Monitoring and troubleshooting NetBackup services from the deduplication shell
- Managing users from the deduplication shell
Enabling extra OS STIG hardening on a primary or a media server instance
The Security Technical Implementation Guides (STIGs) provide technical guidance for increasing the security of information systems and software to help prevent malicious computer attacks. This type of security is also referred to as hardening.
OS STIG hardening rules are automatically enabled on primary and media server instances. These rules are based on the following profile from the Defense Information Systems Agency (DISA):
STIG for Red Hat Enterprise Linux Server
You can enable extra OS STIG hardening for increased security. The additional rules add protection to the sshd process and enforce stricter password policies.
Note the following about enabling extra OS STIG hardening:
This command does not allow individual rule control.
Once the option is enabled, it cannot be disabled.
Before the extra rules are enabled on the instance, you can have unlimited concurrent SSH sessions. After OS STIG hardening is enabled, the maximum number of concurrent SSH sessions is limited to 10.
To enable extra OS STIG hardening
- Open an SSH session to the instance as the appadmin user.
- Run the following command:
sudo /opt/veritas/appliance/pxcc/compliance/bin/pxcc_hardenvxos_on_demand.sh -s