Skip to main content

I followed the procedure described on the documentation and noticed that the command 

./cvsecurity.py enable_protection -i InstanceID

didn’t add SELinux context to one of our mount points. This mount point hold a valid mount path from Commvault. I think a tab character between “timeout” value and the last two “fields” (fs_freq and fs_passno) messed up things. 

 

 

 

 

I ran the command again and the Commvault command skipped all of the mount points. Do I have to add it manually? 

Thanks for your question @Eduardo Braga 

I will flag this with @DMCVault to see if he knows what's happening in this instance

@Eduardo Braga  what feature release are you enabling this on?  In earlier feature releases there was an additional command to run that adds SELinux context.  Its probably best to open a support case so we can inspect this and make sure all is good.

@Eduardo Braga  what feature release are you enabling this on?  In earlier feature releases there was an additional command to run that adds SELinux context.  Its probably best to open a support case so we can inspect this and make sure all is good.

@DMCVault FR 11.26.3. 

@Eduardo Braga , were you able to get this resolved?  I don’t see a case for this in your name.

Thanks!

@Eduardo Braga , were you able to get this resolved?  I don’t see a case for this in your name.

Thanks!

Mike, thank you, I added the SELinux context option manually. I don’t know how the cvsecurity.py script parse the fstab line to determine when and how to add the option, but for clarity I added the option anyway. 

  1. is there a command to check if the protection is up without running the script to enable the protection?

 

 

  1. My boss asked me to test it. I logged as root and tried to modify some files there. It worked. I'm Ok with that, but It would be great if the "Enable Ransomware Protection" report show all Linux Media Agent servers there with the protection enabled. 

 

 

General ]
 Version = 11.26.3
 

I’m not aware of any check script, though point 2 is valid; I would expect that MA to show up here.  Might need to create a case here.

@DMCVault , should the Linux MA show up in this report?

@Eduardo Braga make sure the latest version of the Enable Ransomware app is deployed from the software store.  Here is the direct link:
https://cloud.commvault.com/webconsole/softwarestore/store.do#!/147/701/15365

Or better yet, make sure Auto Update is on - in Command Center go to Reports -> click Actions -> Connect to store.  Once you authenticate to the software store, the Auto Update option is on the bottom left of the page.  Toggle this on so all your reports, apps, and workflows stay up-to-date.  If you access the store this way - navigate to APPS and search for Enable Ransomware. If you click this APP it will tell you if there is an updated version or not, and you can proceed to install it.

The latest version will include Linux media agents.  Its likely you are using an older version.

Terms & ConditionsCookie settings