Configuring Ransomware Protection for a Linux MediaAgent

You can configure ransomware protection for a Linux Backup Gateway.

Before You Begin

  • Review the system requirements and the considerations for ransomware protection.

  • If any mounted disk libraries or mount paths are already present on the Backup Gateway, you must back up the /etc/fstab system file. Execute the following command:

    cp /etc/fstab /etc/fstab.backupfile

  • Make a note of the instance ID of the Backup Gateway computer. Execute the following command:

    commvault status

  • You must set the Backup Gateway in maintenance mode because the operations in the procedure require a reboot and unmount and mount the disk libraries.

  • If the Backup Gateway is a client computer, make sure that there are no active backup or restore operations running on the Backup Gateway.

  • If the Backup Gateway runs the Ubuntu 20.04 operating system, you must disable the apparmor service.

    Execute the following commands:

    # systemctl stop apparmor.service
    # systemctl disable apparmor.service

Procedure

  1. Log in to your Backup Gateway.

  2. If the Backup Gateway runs a RHEL / CentOS 8.x kernel, install Python 3.x if it is not already present. Run the following command:

    ln -s /usr/bin/python3 /usr/bin/python

  3. Go to the /opt/commvault/MediaAgent64 directory.

  4. To enable the ransomware protection, run the following command:

    ./cvsecurity.py enable_protection -i InstanceID

    where InstanceID is the ID of the instance. For example, Instance001.

  5. Reboot the Backup Gateway for the ransomware protection to take effect.

    The reboot operation is required only when you enable the protection for the first time.

  6. After the Backup Gateway is started successfully, go to the /opt/commvault/MediaAgent64 directory.

  7. To load the Commvault Cloud SELinux policy, run the restart_cv_services command.

    ./cvsecurity.py restart_cv_services -i InstanceID

  8. Turn off the maintenance mode on the Backup Gateway.

What to Do Next

If you later create a library that uses local or external disk storage, the library is protected from ransomware. However, if you create a shared library with the mount path on an NFS share, then you must configure ransomware protection for the library.

Results

  • The software logs the activities of the ransomware protection in the /var/log/cvsecurity.log file.

  • The software logs any unauthorized activities in the /var/log/audit/audit.log file.
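
To review what ends up in /var/log/audit/audit.log, the following added example (not Commvault code) tallies SELinux AVC denials against one target label and separates denials that were enforced from those only logged in permissive mode. It assumes the unauthorized activities appear as standard auditd AVC records; the label cv_protected_t and the sample lines are constructed placeholders, so substitute the type that ls -Z reports on your mount path.

```python
import re
from collections import Counter

AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)"'
    r'.*?tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+)\S*\s+tclass=(?P<tclass>\S+)'
    r'(?:\s+permissive=(?P<permissive>[01]))?')

def _sample(perms, comm, ttype, permissive):
    """Build one constructed AVC record in the standard auditd layout."""
    return ('type=AVC msg=audit(1700000000.101:501): avc:  denied  { %s } for  '
            'pid=4121 comm="%s" name="CHUNK_1" dev="sdb1" ino=77 '
            'scontext=unconfined_u:unconfined_r:unconfined_t:s0 '
            'tcontext=system_u:object_r:%s:s0 tclass=file permissive=%d'
            % (perms, comm, ttype, permissive))

# Constructed sample; cv_protected_t is a placeholder label, not a real one.
SAMPLE_AUDIT_LOG = "\n".join([
    _sample("write", "bash", "cv_protected_t", 0),
    _sample("unlink", "rm", "cv_protected_t", 0),
    _sample("write", "bash", "cv_protected_t", 0),
    _sample("write append", "python3", "cv_protected_t", 1),
    _sample("read", "httpd", "var_log_t", 0),
    'type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=2 success=no',
])

def denials(log_text, target_type):
    """Return (blocked, logged_only) Counters keyed by (comm, permission)."""
    blocked, logged_only = Counter(), Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["ttype"] != target_type:
            continue
        # permissive=1: SELinux recorded the denial but still allowed the access.
        # Records without the field (older kernels) are counted as blocked.
        bucket = logged_only if m["permissive"] == "1" else blocked
        for perm in m["perms"].split():
            bucket[(m["comm"], perm)] += 1
    return blocked, logged_only

if __name__ == "__main__":
    blocked, logged_only = denials(SAMPLE_AUDIT_LOG, "cv_protected_t")
    for (comm, perm), n in blocked.most_common():
        print(f"blocked      {comm:10} {perm:8} x{n}")
    for (comm, perm), n in logged_only.most_common():
        print(f"NOT ENFORCED {comm:10} {perm:8} x{n}")
```

Any entry in the second group means the write was recorded but not stopped, which is worth checking against the SELinux mode reported by getenforce.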
