Comprehensive data protection for all workloads
Post Reply
oscarm
Service Provider
Posts: 87
Liked: 7 times
Joined: Sep 10, 2013 11:43 am
Full Name: Oscar Muntenaar
Contact:

Linux Hardened repository

Post by oscarm »

I am in the process of building some Hardened repositories.

I want a separate user for every mount that becomes a repository. So on the linux vm I want to create this:

/repositories/Repo1 with a username and password
/repositories/Repo2 wiht a different username and password.

I do want to use the DISA-STIG security profile, but does this mean the usernames and passwords for the repositories will expire or can you set this to not expire?

If they do need to expire, how do you manage this?
d.artzen
Expert
Posts: 140
Liked: 70 times
Joined: Jan 14, 2022 9:16 am
Full Name: Daniel Artzen
Location: Germany
Contact:

Re: Linux Hardened repository

Post by d.artzen »

As described in the user guide https://helpcenter.veeam.com/docs/vbr/u ... tml?ver=13:
"Single-use credentials: Credentials that are used only once to deploy Veeam Data Mover, while adding the Linux server to the backup infrastructure. These credentials are not stored in the backup infrastructure. Even if the Veeam Backup & Replication server is compromised, the attacker cannot get the credentials and connect to the hardened repository.
To interact with the hardened repository, Veeam Backup & Replication uses SHA256RSA self-signed certificates with 2048-bit RSA key."

So even if the credentials expire it would not make a difference for Veeam.
But I have a question: Why use different users for the different volumes or even different volumes? I would just use one big volume with one user for the repository. This is also the way the new Aplliances (VSA and VIA) do it, one disk for the OS and all other disks as a single volume.
Post Reply

Who is online

Users browsing this forum: dabrigo, foggy, Semrush [Bot] and 145 guests