Skip to main content
commvault.com commvault.com
Answer

cvsecurity.py enable_protection command didn't add SELinux context to all /etc/fstab mount points

  • March 24, 2022
  • 7 replies
  • 1052 views
E
Novice
Forum|alt.badge.img+9

I followed the procedure described on the documentation and noticed that the command 

./cvsecurity.py enable_protection -i InstanceID

didn’t add SELinux context to one of our mount points. This mount point hold a valid mount path from Commvault. I think a tab character between “timeout” value and the last two “fields” (fs_freq and fs_passno) messed up things. 

 

 

 

 

I ran the command again and the Commvault command skipped all of the mount points. Do I have to add it manually? 

Best answer by DMCVault

@Eduardo Braga make sure the latest version of the Enable Ransomware app is deployed from the software store.  Here is the direct link:
https://cloud.commvault.com/webconsole/softwarestore/store.do#!/147/701/15365

Or better yet, make sure Auto Update is on - in Command Center go to Reports -> click Actions -> Connect to store.  Once you authenticate to the software store, the Auto Update option is on the bottom left of the page.  Toggle this on so all your reports, apps, and workflows stay up-to-date.  If you access the store this way - navigate to APPS and search for Enable Ransomware. If you click this APP it will tell you if there is an updated version or not, and you can proceed to install it.

The latest version will include Linux media agents.  Its likely you are using an older version.

If you have a question or comment, please create a topic

7 replies

Damian Andre
Vaulter
Forum|alt.badge.img+22

Thanks for your question @Eduardo Braga 

I will flag this with @DMCVault to see if he knows what's happening in this instance

D
Vaulter
Forum|alt.badge.img+7
  • DMCVaultVaulter
  • Vaulter
  • March 25, 2022

@Eduardo Braga  what feature release are you enabling this on?  In earlier feature releases there was an additional command to run that adds SELinux context.  Its probably best to open a support case so we can inspect this and make sure all is good.

E
Novice
Forum|alt.badge.img+9

@Eduardo Braga  what feature release are you enabling this on?  In earlier feature releases there was an additional command to run that adds SELinux context.  Its probably best to open a support case so we can inspect this and make sure all is good.

@DMCVault FR 11.26.3. 

Mike Struening
Vaulter
Forum|alt.badge.img+22

@Eduardo Braga , were you able to get this resolved?  I don’t see a case for this in your name.

Thanks!

https://www.linkedin.com/in/michael-struening
E
Novice
Forum|alt.badge.img+9

@Eduardo Braga , were you able to get this resolved?  I don’t see a case for this in your name.

Thanks!

Mike, thank you, I added the SELinux context option manually. I don’t know how the cvsecurity.py script parse the fstab line to determine when and how to add the option, but for clarity I added the option anyway. 

  1. is there a command to check if the protection is up without running the script to enable the protection?

 

 

  1. My boss asked me to test it. I logged as root and tried to modify some files there. It worked. I'm Ok with that, but It would be great if the "Enable Ransomware Protection" report show all Linux Media Agent servers there with the protection enabled. 

 

 

[ General ]
 Version = 11.26.3
 

Mike Struening
Vaulter
Forum|alt.badge.img+22

I’m not aware of any check script, though point 2 is valid; I would expect that MA to show up here.  Might need to create a case here.

@DMCVault , should the Linux MA show up in this report?

https://www.linkedin.com/in/michael-struening
D
Vaulter
Forum|alt.badge.img+7
  • DMCVaultVaulter
  • Vaulter
  • Answer
  • April 21, 2022

@Eduardo Braga make sure the latest version of the Enable Ransomware app is deployed from the software store.  Here is the direct link:
https://cloud.commvault.com/webconsole/softwarestore/store.do#!/147/701/15365

Or better yet, make sure Auto Update is on - in Command Center go to Reports -> click Actions -> Connect to store.  Once you authenticate to the software store, the Auto Update option is on the bottom left of the page.  Toggle this on so all your reports, apps, and workflows stay up-to-date.  If you access the store this way - navigate to APPS and search for Enable Ransomware. If you click this APP it will tell you if there is an updated version or not, and you can proceed to install it.

The latest version will include Linux media agents.  Its likely you are using an older version.

Mike Struening
E
Terms & ConditionsCookie settingsAccessibility statement