Configuring Server as Hardened Repository
For post-installation, follow these steps:
- Log in to the server using the vhradmin account. By default, the password is vhradmin.
- Select a new password for the account. It must meet the following DISA STIG requirements:
- 15 characters minimum.
- 1 upper case character.
- 1 numeric character.
- 1 special character.
- No more than 3 characters of the same class in a row. For example, more than 3 lowercase or 3 numerical characters in sequence.
- Minimum password lifetime – 24 hours.
- Accept the license agreement.
- In the Veeam Hardened Repository Configurator, configure the following settings as required:
- Network settings — To configure IPv4 addresses, DHCP, and DNS for network interfaces, select Standard configuration. If DHCP is not enabled, select Advanced configuration to configure your IP address using nmtui.
- Proxy settings — Specify an HTTP or HTTPS proxy. Note that any proxy you add will be saved in the /etc/environment file in the http://ip_address:port format.
Note |
If you use self-signed HTTPS proxies or HTTPS proxies that use certificates signed by an internal CA, HTTPS traffic will be forwarded through an HTTP tunnel. |
- Time settings — Add an NTP server. When adding the NTP server, consider the following:
- chronyd is used as the NTP client.
- NTP servers over DHCP are allowed. This setting cannot be disabled.
- NTP servers are added with the iburst parameter. No additional options can be specified.
- Select the Start SSH option. This will generate credentials for the veeamsvc user that will be used to add the hardened repository to Veeam Backup & Replication. To generate new credentials, restart the SSH service.
- Add the server as a hardened repository. For more information, see Adding Hardened Repositories.
- After you add the hardened repository, select Stop SSH in the configurator.