Note that by default the root account has a blank password and cannot be used for connection. To be compliant with STIG UBTU-20-010012, you must have only two users:.Create a password using the grub-mkpasswd-pbkdf2 command:.To configure the setting manually, do the following: To be compliant with STIG UBTU-20-010009, set a password for GRUB.Click Done to start the installation process.Īfter the installation finishes, remove the installation media and reboot the system.įor post-installation, consider the following Veeam recommendations: At the Featured Server Snaps step of the installation wizard, do not install any additional packages.The OpenSSH server is required to be compliant with STIG UBTU-20-010042 and for deployment and upgrade of Veeam Data Mover. At the SSH Setup step of the installation wizard, select the Install OpenSSH server check box.For more information, see Post-Installation. After you add a hardened repository to the backup infrastructure, you must remove this user account from the sudo group. Mind that by default it will have sudo permissions. At the Profile setup step of the installation wizard, specify a hostname and a user account that you will use to connect to the Linux server.Note that all data on the disks will be deleted. Īfter you add partitions for all disks, click Continue in the Confirm destructive action window to apply changes. For more information, see Storage Settings. To protect data in backups, use Veeam Backup & Replication built-in encryption instead. To be compliant with STIG UBTU-20-010414, you do not need to enable disk encryption for the operating system. Example:įor the backup data, use the XFS file system. At the Storage configuration step of the installation wizard, follow recommendations from CIS Benchmarks for Ubuntu Linux 20.04 LTS STIG for partitioning.įor the operating system, use the ext4 file system.At the Configure Ubuntu archive mirror step of the installation wizard, leave the default mirror address.At the Configure proxy step of the installation wizard, specify the proxy server if required.If you have only one network interface card and cannot create a bond, assign the static IP address to the network interface to reduce the risk of connection issues, for example, with the DHCP server.active-backup (for other configurations).802.3ad (if you use EtherChannel with LCAP).balance-rr (if you use EtherChannel without LCAP). For the bond mode, select one of the following options:
0 Comments
Leave a Reply. |