Veritas NetBackup™ Virtual Appliance Documentation

Last Published:
Product(s): Appliances (3.2)
Platform: NetBackup Virtual Appliance
  1. Getting to know the NetBackup Virtual Appliance
    1. NetBackup Virtual Appliance product description
      1.  
        About the NetBackup Virtual Appliance master server role
      2.  
        About the NetBackup Virtual Appliance combined master and media server role
      3.  
        About the NetBackup Virtual Appliance media server role
      4.  
        About NetBackup Virtual Appliance CloudCatalyst
    2.  
      NetBackup Virtual Appliance supported features
    3.  
      About the NetBackup Virtual Appliance documentation
    4.  
      NetBackup Virtual Appliance 3.2 new features, enhancements, and changes
    5.  
      Known limitations of the NetBackup Virtual Appliance 3.2 release
    6.  
      Operational Notes for the NetBackup Virtual Appliance 3.2 release
  2. Preparing to deploy the appliance
    1.  
      NetBackup Virtual Appliance product files (OVF templates)
    2.  
      NetBackup Virtual Appliance deployment methods
    3. NetBackup Virtual Appliance deployment guidelines
      1.  
        NetBackup Virtual Appliance initial deployment checklist
  3. Deploying and configuring the appliance
    1. How to deploy and configure a NetBackup Virtual Appliance combined master and media server
      1.  
        Using the vSphere Client to deploy a combined master and media server appliance
      2.  
        Using the OVF Tool to deploy a combined master and media server appliance
      3.  
        Performing the initial configuration on a NetBackup Virtual Appliance combined master and media server
      4.  
        Completing the initial configuration of the NetBackup Virtual Appliance combined master and media server
    2. How to deploy and configure a NetBackup Virtual Appliance media server
      1.  
        Using the vSphere Client to deploy a media server appliance
      2.  
        Using the OVF Tool to deploy a media server appliance
      3.  
        Configuring a master server to communicate with an appliance media server
      4.  
        Performing the initial configuration on a NetBackup Virtual Appliance media server
    3. How to deploy and configure a NetBackup Virtual Appliance master server
      1.  
        Using the vSphere Client to deploy a NetBackup Virtual Appliance master server
      2.  
        Using the OVF Tool to deploy a master server
      3.  
        Performing the initial configuration on a NetBackup Virtual Appliance master server
    4. How to deploy and configure a NetBackup Virtual Appliance CloudCatalyst
      1.  
        Using the vSphere Client to deploy a CloudCatalyst appliance
      2.  
        Using the OVF Tool to deploy a CloudCatalyst appliance
      3. Performing the initial configuration on a NetBackup Virtual Appliance CloudCatalyst
        1.  
          Deploying certificates for a credentials broker when the master server is an appliance
  4. Post initial configuration procedures
    1.  
      About modifying the NetBackup Virtual Appliance settings
    2.  
      Adding a permanent license key if an evaluation license key expires
    3.  
      Managing license keys on the NetBackup Virtual Appliance
  5. Appliance common tasks
    1.  
      Common tasks in NetBackup Virtual Appliance
  6. Storage management
    1. About NetBackup Virtual Appliance storage configuration
      1. About viewing storage space information using the Show command
        1.  
          Viewing all storage information
        2.  
          Viewing disk information
        3.  
          Viewing partition information
        4.  
          Viewing the partition distribution on disks
      2.  
        Resizing a partition
      3.  
        Troubleshooting resize-related issues
      4.  
        Moving a partition
      5.  
        Monitoring the progress of storage manipulation tasks
      6.  
        Scanning storage devices using the NetBackup Virtual Appliance Shell Menu
      7.  
        Adding storage space for the NetBackup Virtual Appliance
      8.  
        Removing an existing storage disk
    2. About OpenStorage plugin installation
      1.  
        Installing the OpenStorage plugin
      2.  
        Uninstalling the OpenStorage plugin
  7. Deduplication pool catalog backup and recovery
    1.  
      About the NetBackup Virtual Appliance deduplication pool catalog backup policy
    2.  
      Automatic configuration of the NetBackup Virtual Appliance deduplication pool catalog backup policy
    3.  
      Manually configuring the NetBackup Virtual Appliance deduplication pool catalog backup policy
    4.  
      Manually updating the NetBackup Virtual Appliance deduplication pool catalog backup policy
    5.  
      Recovering the NetBackup Virtual Appliance deduplication pool catalog
  8. Network connection management
    1.  
      About IPv4-IPv6-based network support
    2.  
      Network settings for the NetBackup Virtual Appliance
    3.  
      Configuring DNS and host name mapping for the NetBackup Virtual Appliance
    4.  
      Setting the date and time on a NetBackup Virtual Appliance
    5.  
      Configuring static routes on the NetBackup Virtual Appliance
    6.  
      Expanding the bandwidth on the NetBackup Virtual Appliance
  9. Managing users
    1.  
      About managing NetBackup Virtual Appliance users
    2.  
      About NetBackup Virtual Appliance account types
    3.  
      Adding NetBackup Virtual Appliance users
    4.  
      Deleting NetBackup Virtual Appliance users
    5.  
      Adding NetBackup Virtual Appliance user groups
    6.  
      Deleting NetBackup Virtual Appliance user groups
    7.  
      Granting roles to NetBackup Virtual Appliance users and user groups
    8.  
      Revoking roles from NetBackup Virtual Appliance users and user groups
    9. About user name and password specifications
      1.  
        About STIG-compliant password policy rules
    10.  
      Changing NetBackup Virtual Appliance user passwords
    11.  
      About password management and recovery
    12. About authenticating LDAP users
      1.  
        Adding or modifying an LDAP server configuration on the NetBackup Virtual Appliance
      2.  
        Importing an LDAP server configuration for the NetBackup Virtual Appliance
      3.  
        Setting the SSL certification for LDAP on the NetBackup Virtual Appliance
      4.  
        Exporting an LDAP server configuration from the NetBackup Virtual Appliance
      5.  
        Unconfiguring LDAP user authentication on the NetBackup Virtual Appliance
      6.  
        Disabling LDAP user authentication on the NetBackup Virtual Appliance
      7.  
        Enabling LDAP user authentication on the NetBackup Virtual Appliance
      8.  
        Adding an LDAP attribute mapping on the NetBackup Virtual Appliance
      9.  
        Deleting an LDAP attribute mapping on the NetBackup Virtual Appliance
    13. About authenticating Active Directory users
      1.  
        Adding an Active Directory server configuration
      2.  
        Unconfiguring Active Directory user authentication on the NetBackup Virtual Appliance
    14.  
      About authentication using smart cards and digital certificates
    15. About authenticating Kerberos-NIS users
      1.  
        Adding a Kerberos-NIS authentication configuration on the NetBackup Virtual Appliance
      2.  
        Unconfiguring Kerberos-NIS user authentication on the NetBackup Virtual Appliance
    16.  
      Generic user authentication guidelines
    17. About user authorization on the NetBackup Virtual Appliance
      1.  
        NetBackup Virtual Appliance user role privileges
      2.  
        About the Administrator user role
      3.  
        About the NetBackupCLI user role
    18. Creating NetBackup administrator user accounts
      1.  
        Logging on as a NetBackup administrator
      2.  
        Managing NetBackup administrator user account passwords
      3.  
        Viewing NetBackup administrator user accounts
      4.  
        Auditing NetBackup administrator accounts
    19.  
      Deleting NetBackup administrator user accounts
  10. Using the appliance
    1. About configuring Host parameters for your appliance on the NetBackup Virtual Appliance
      1.  
        Configuring data buffer options on the NetBackup Virtual Appliance
      2.  
        Configuring lifecycle parameters on the NetBackup Virtual Appliance
      3.  
        Managing NetBackup Virtual Appliance deduplication
      4. About BMR integration
        1.  
          Enabling BMR from the NetBackup Virtual Appliance Shell Menu
    2. About Copilot functionality and Share management
      1.  
        Creating a Share
      2.  
        Editing a Share
      3.  
        Deleting a Share
      4.  
        Moving a Share
      5.  
        Viewing Share information from the NetBackup Virtual Appliance Shell Menu
      6.  
        NFS export options
    3. About NetBackup Virtual Appliance as a VMware backup host
      1.  
        NetBackup Virtual Appliance as backup host: component overview
      2.  
        Notes on NetBackup Virtual Appliance as a VMware backup host
    4. About running NetBackup commands from the appliance
      1.  
        Running NetBackup commands from the NetBackup Virtual Appliance
      2.  
        Creating a NetBackup touch file from the NetBackup Virtual Appliance
      3.  
        Best practices for running NetBackup commands from the NetBackup Virtual Appliance
      4.  
        About NetBackup operating system commands
      5.  
        Known limitations of running NetBackup commands from the NetBackup Virtual Appliance
    5. About mounting a remote NFS
      1.  
        Mounting a remote NFS drive
      2.  
        Unmounting an NFS drive
    6. About Auto Image Replication from a NetBackup Virtual Appliance
      1.  
        Prerequisites for Auto Image Replication
      2.  
        Configuring a replication target
      3.  
        Determining the appliance deduplication password
    7.  
      Generating certificates
  11. Monitoring the appliance
    1.  
      About NetBackup Virtual Appliance alerts
    2.  
      Setting up email notifications for a NetBackup Virtual Appliance
    3.  
      Setting up SNMP notifications for a NetBackup Virtual Appliance
    4.  
      Enabling and disabling Call Home from the appliance shell menu
    5.  
      Configuring a Call Home proxy server from the NetBackup Virtual Appliance Shell Menu
    6. About SNMP
      1.  
        About the Management Information Base (MIB)
    7. About Call Home
      1.  
        Understanding the Call Home workflow
      2.  
        About the Product Improvement Program
    8.  
      About AutoSupport
    9.  
      About storage email alerts
  12. Appliance security
    1. About Symantec Data Center Security on the NetBackup Virtual Appliance
      1.  
        Auditing the SDCS logs on the NetBackup Virtual Appliance
      2.  
        Viewing SDCS audit log details
      3.  
        Changing the SDCS log retention settings on the NetBackup Virtual Appliance
      4.  
        About SDCS event type codes and severity codes on the NetBackup Virtual Appliance
    2.  
      About data security
    3.  
      About data integrity
    4.  
      About data classification
    5.  
      About data encryption
    6.  
      About SSL usage
    7.  
      About the NetBackup Virtual Appliance intrusion detection system
    8.  
      About the NetBackup Virtual Appliance intrusion prevention system
    9.  
      Major components of the NetBackup Virtual Appliance OS
    10.  
      OS STIG hardening for NetBackup Virtual Appliance
    11.  
      Unenforced STIG hardening rules
    12.  
      FIPS 140-2 conformance for NetBackup Virtual Appliance
    13.  
      Vulnerability scanning of the NetBackup Virtual Appliance
    14.  
      About the appliance login banner
    15. Setting the appliance login banner
      1.  
        Creating the appliance login banner
      2.  
        Removing the appliance login banner
    16.  
      Log Forwarding feature overview
  13. Upgrading the appliance
    1. About upgrading to NetBackup Virtual Appliance software version 3.2
      1.  
        Supported upgrade paths
      2.  
        Preflight check before the upgrade
      3.  
        Appliance behavior during upgrades
      4.  
        About corresponding NetBackup software versions
      5.  
        About the Appliance Install Manager
    2. Requirements and best practices for upgrading NetBackup appliances
      1.  
        Upgrade time estimation
    3.  
      Pre-upgrade tasks for appliance upgrades
    4. Methods for downloading appliance software release updates
      1.  
        Downloading software updates directly to a NetBackup appliance
      2.  
        Downloading software updates to a NetBackup appliance using a client share
    5.  
      Installing a NetBackup Virtual Appliance software update using the NetBackup Virtual Appliance Shell Menu
    6.  
      Troubleshooting upgrade issues
  14. NetBackup client upgrades with VxUpdate
    1.  
      About VxUpdate
    2.  
      VxUpdate repository management
    3.  
      Deployment policy management
    4.  
      Manually initiating upgrades from the master server using VxUpdate
    5.  
      Manually initiating upgrades from the client using VxUpdate
    6.  
      Deployment job status
  15. Appliance restore
    1.  
      About appliance restore
    2.  
      Creating an appliance checkpoint from the appliance shell menu
    3.  
      Rollback to an appliance checkpoint from the appliance shell menu
    4.  
      About NetBackup Virtual Appliance factory reset
    5.  
      Factory reset best practices
    6.  
      How to factory reset the NetBackup Virtual Appliance
  16. Decommissioning and Reconfiguring
    1.  
      About decommissioning a NetBackup Virtual Appliance
    2.  
      Decommissioning a NetBackup Virtual Appliance with the media server role
  17. Troubleshooting
    1.  
      About troubleshooting the NetBackup Virtual Appliance
    2.  
      About contacting Technical Support
    3.  
      Determining the NetBackup Virtual Appliance serial number
    4. About disaster recovery
      1.  
        Recovering a NetBackup appliance master server using NetBackup catalog restore
    5. About NetBackup support utilities
      1.  
        NetBackup Domain Network Analyzer (NBDNA)
      2.  
        NetBackup Support Utility (NBSU)
    6.  
      Troubleshooting NetBackup Virtual Appliance initial deployment issues
    7.  
      Error messages displayed on the NetBackup Virtual Appliance Shell Menu
    8.  
      NetBackup status codes applicable for NetBackup Virtual Appliance
    9.  
      Installing an EEB
    10.  
      Rolling back an EEB using the NetBackup Virtual Appliance Shell Menu
  18. Appliance logging
    1.  
      About NetBackup Virtual Appliance log files
    2.  
      Viewing log files using the Support command
    3.  
      Where to find NetBackup Virtual Appliance log files using the Browse command
    4.  
      Enabling and disabling VxMS logging
    5.  
      Gathering device logs on a NetBackup virtual appliance
    6. About forwarding logs to an external server
      1.  
        Uploading certificates for TLS
      2.  
        Enabling log forwarding
      3.  
        Changing the log forwarding interval
      4.  
        Viewing the log forwarding configuration
      5.  
        Disabling log forwarding
  19. Commands overview
    1.  
      About the NetBackup Virtual Appliance Shell Menu
    2.  
      Logging on to the NetBackup Virtual Appliance Shell Menu
    3.  
      Using the NetBackup Virtual Appliance Shell Menu
    4.  
      About the NetBackup Virtual Appliance Shell Menu command views
  20. Appendix A. Appliance commands
    1.  
      Appliance > Master
    2.  
      Appliance > Media
    3.  
      Appliance > ShowDedupPassword
    4.  
      Appliance > Status
    5.  
      Appliance > Configure
  21. Appendix B. Manage commands
    1.  
      Manage > Software > Delete
    2.  
      Manage > Software > Download
    3.  
      Manage > Software > List
    4.  
      Manage > Software > Install
    5.  
      Manage > Software > Share
    6.  
      Manage > Software > Readme
    7.  
      Manage > Software > Rollback
    8.  
      Manage > Software > Cancel
    9.  
      Manage > Software > DownloadProgress
    10.  
      Manage > Software > UpgradeStatus
    11.  
      Manage > Software > VxUpdate
    12.  
      Manage > Storage > Show
    13.  
      Manage > Storage > Add
    14.  
      Manage > Storage > Create
    15.  
      Manage > Storage > Delete
    16.  
      Manage > Storage > Edit
    17.  
      Manage > Storage > Monitor
    18.  
      Manage > Storage > Move
    19.  
      Manage > Storage > Remove
    20.  
      Manage > Storage > Resize
    21.  
      Manage > Storage > Scan
    22.  
      Manage > OpenStorage > Install
    23.  
      Manage > OpenStorage > List
    24.  
      Manage > OpenStorage > Readme
    25.  
      Manage > OpenStorage > Share
    26.  
      Manage > OpenStorage > Uninstall
    27.  
      Manage > MountPoints > List
    28.  
      Manage > MountPoints > Mount
    29.  
      Manage > MountPoints > Unmount
    30.  
      Manage > License > Add
    31.  
      Manage > License > List
    32.  
      Manage > License > ListInfo
    33.  
      Manage > License > Remove
    34.  
      Manage > Certificates > Generate
    35.  
      Manage > Certificates > Delete
    36.  
      Manage > NetBackupCLI > Create
    37.  
      Manage > NetBackupCLI > Delete
    38.  
      Manage > NetBackupCLI > List
    39.  
      Manage > NetBackupCLI > PasswordExpiry
  22. Appendix C. Monitor commands
    1.  
      Monitor > Uptime
    2.  
      Monitor > Who
    3.  
      Monitor > NetworkStatus
    4.  
      Monitor > Top
    5.  
      Monitor > MemoryStatus
    6.  
      Monitor > SDCS
    7.  
      Monitor > NetBackup
    8.  
      Monitor > Hardware
  23. Appendix D. Network commands
    1.  
      Network > Configure
    2.  
      Network > Date
    3.  
      Network > DNS
    4.  
      Network > Gateway
    5.  
      Network > Hostname
    6.  
      Network > Hosts
    7.  
      Network > IPv4
    8.  
      Network > IPv6
    9.  
      Network > LinkAggregation
    10.  
      Network > NetStat
    11.  
      Network > NTPServer
    12.  
      Network > Ping
    13.  
      Network > SetProperty
    14.  
      Network > Show
    15.  
      Network > TimeZone
    16.  
      Network > TraceRoute
    17.  
      Network > Unconfigure
    18.  
      Network > WANOptimization
  24. Appendix E. Reports commands
    1.  
      Reports > Deduplication
    2.  
      Reports > Process
  25. Appendix F. Settings commands
    1.  
      Settings > Deduplication
    2.  
      Settings > LifeCycle
    3.  
      Settings > LogForwarding
    4.  
      Settings > NetBackup
    5.  
      Settings > Password
    6.  
      Settings > SystemLocale
    7.  
      Settings > Share
    8.  
      Settings > Sysctl
    9.  
      Settings > NetBackup DNAT
    10.  
      Settings > Notifications > LoginBanner
    11.  
      Settings > Security > Authentication > LDAP
    12.  
      Settings > Security > Authentication > ActiveDirectory
    13.  
      Settings > Security > Authentication > Kerberos
    14.  
      Settings > Security > Authentication > LocalUser
    15.  
      Settings > Security > Authorization
    16.  
      Main > Settings > Security > Certificate
    17.  
      Main > Settings > Security > STIG
    18.  
      Main > Settings > Security > FIPS
    19.  
      Settings > Alerts > CallHome
    20.  
      Settings > Alerts > SNMP
    21.  
      Settings > Alerts > Email
    22.  
      Settings > Alerts > Hardware
  26. Appendix G. Support commands
    1.  
      Support > Checkpoint
    2.  
      Support > DataCollect
    3.  
      Support > Disk
    4.  
      Support > Errors
    5.  
      Support > FactoryReset
    6.  
      Support > InfraServices
    7.  
      Support > iostat
    8.  
      Support > Logs
    9.  
      Support > Maintenance
    10.  
      Support > Messages
    11.  
      Support > NBDNA
    12.  
      Support > nbperfchk
    13.  
      Support > NBSU
    14.  
      Support > Processes
    15.  
      Support > Reboot
    16.  
      Support > Service
    17.  
      Support > Shutdown
    18.  
      Support > Storage SanityCheck
    19.  
      Support > Storage Reset
    20.  
      Support > Test

Unenforced STIG hardening rules

This topic describes the Security Technical Implementation Guide (STIG) rules the are not currently enforced on NetBackup Virtual Appliance. Rules in this list may not be enforced for reasons including, but not limited to the following:

  • Enforcement of the rule is planned for a future appliance software release.

  • An alternate method is used to provide protection that meets or exceeds the method described in the rule.

  • The method described in the rule is not used or supported on NetBackup Virtual Appliance.

The following describes the STIG rules that are not currently enforced:

  • CCE-26876-3: Ensure that gpgcheck is enabled for all yum package repositories.

    Scanner severity level: High

  • CCE-27209-6: Verify and correct the file permissions for the rpm.

    Scanner severity level: High

  • CCE-27157-7: Verify file hashes with rpm.

    Scanner severity level: High

  • CCE-80127-4: Install McAfee Antivirus

    Scanner severity level: High

  • CCE-26818-5: Install intrusion detection software.

    Scanner severity level: High

  • CCE-27334-2: Ensure SELinux state is enforcing.

    Scanner severity level: High

  • CCE-80226-4: Enable encrypted X11 forwarding.

    Scanner severity level: High

  • CCE-27386-2: Ensure that the default SNMP password is not used.

    Scanner severity level: High

  • CCE-80126-6: Install the Asset Configuration Compliance Module (ACCM).

    Scanner severity level: Medium

  • CCE-80369-2: Install the Policy Auditor (PA) module.

    Scanner severity level: Medium

  • CCE-27277-3: Disable modprobe loading of the USB storage driver.

    Scanner severity level: Medium

  • CCE-27349-0: Set default firewalld zone for incoming packets.

    Scanner severity level: Medium

  • CCE-80170-4: Install libreswan package.

    Scanner severity level: Medium

  • CCE-80223-1: Enable use of privilege separation.

    Scanner severity level: Medium

  • CCE-80347-8: Ensure that gpgcheck is enabled for local packages.

    Scanner severity level: High

  • CCE-80348-6: Ensure that gpgcheck is enabled for repository metadata.

    Scanner severity level: High

  • CCE-80358-5: Install the dracut_fips package.

    Security scanner level: Medium

  • CCE-80359-3: Enable FIPS mode in the GRand Unified Bootloader version 2 (GRUB2).

    Scanner severity level: Medium

  • CCE-27557-8: Set an interactive session timeout to terminate idle sessions.

    Scanner severity level: Medium

  • CCE-80377-5: Configure AIDE to FIPS 140-2 for validating hashes.

    Scanner severity level: Medium

  • CCE-80351-0: Ensure that users re-authenticate for privilege escalation (sudo_NOPASSWD).

    Scanner severity level: Medium

  • CCE-27355-7: Set account expiration following inactivity.

    Scanner severity level: Medium

  • CCE-80207-4: Enable smart card login.

    Scanner severity level: Medium

  • CCE-27370-6: Configure auditd_admin_space_left_action on low disk space.

    Security scanner level: Medium

  • CCE-27295-5: Use only approved ciphers.

    Scanner severity level: Medium

  • CCE-26548-8: Disable kernel support for USB from the bootloader configuration.

    Scanner severity level: Low

  • CCE-27128-8: Encrypt partitions.

    Scanner severity level: High

  • CCE-26895-3: Ensure that software patches are installed.

    Scanner security level: High

  • CCE-27279-9: Configure the SE Linux policy.

    Scanner severity level: High

  • CCE-27399-5: Uninstall the ypserv package.

    Scanner severity level: High

  • CCE-80128-2: Enable service nails.

    Scanner severity level: Medium

  • CCE-80129-0: Update virus scanning definitions.

    Scanner severity level: Medium

  • CCE-27288-0: Make sure that no daemons are unconfined by SE Linux. Make sure that all daemons are confined by SE Linux.

    Scanner severity level: Medium

  • CCE-27326-8: Make sure that no device files are unlabeled by SE Linux./Make sure that all device files are labeled by SE Linux.

    Scanner severity level: Medium

  • CCE-80354-4: Set the UEFI boot loader password.

    Scanner severity level: Medium

  • CCE-80171-2: Verify any configured IPSec tunnel connections.

    Scanner severity level: Medium

  • CCE-26960-5: Disable booting from USB devices in boot firmware.

    Scanner severity level: Low

  • CCE-27194-0: Assign a password to prevent changes to the boot firmware configuration.

    Scanner severity level: Low

  • CCE-80516-8: Configure the SSSD LDAP backend client CA certificate.

    Scanner severity level: Medium

  • CCE-80515-0: Configure the SSSD LDAP backend client CA certificate location.

    Scanner severity level: Medium

  • CCE-80546-5: Configure the SSSD LDAP backend to use TLS for all transactions.

    Scanner severity level: Medium

  • CCE-80437-7: Configure PAM in SSSD services.

    Scanner severity level: Medium

  • CCE-80519-2: Install smart card packages for multi factor authentication.

    Scanner severity level: Medium

  • CCE-80520-0: Configure certificate status checking for smart cards.

    Scanner severity level: Medium

  • CCE-80526-7: User initialization files must be group-owned by the primary user.

    Scanner severity level: Medium

  • CCE-80523-4: User initialization files must not run world-writable programs.

    Scanner severity level: Medium

  • CCE-80527-5: User initialization files must be owned by the primary user.

    Scanner severity level: Medium

  • CCE-80524-2: Ensure that the user's path contains only local directories.

    Scanner severity level: Medium

  • CCE-80528-3: All interactive users must have a defined home directory.

    Scanner severity level: Medium

  • CCE-80529-1: All interactive users home directories must exist.

    Scanner severity level: Medium

  • CCE-80534-1: All user files and directories in the home directory must be group-owned by the primary user.

    Scanner severity level: Medium

  • CCE-80533-3: All user files and directories in the home directory must be owned by the primary user.

    Scanner severity level: Medium

  • CCE-80535-8: All user files and directories in the home directory must have permissions set to mode 0750 or less.

    Scanner severity level: Medium

  • CCE-80532-5: All interactive user home directories must be group-owned by the primary user.

    Scanner severity level: Medium

  • CCE-80531-7: All interactive user home directories must be owned by the primary user.

    Scanner severity level: Medium

  • CCE-80525-9: Ensure that all user initialization files have permissions set to mode 0740 or less.

    Scanner severity level: Medium

  • CCE-80530-9: All interactive user home directories must have permissions set to mode 0750 or less.

    Scanner severity level: Medium

  • CCE-80393-2: Record any attempts to run chcon.

    Scanner severity level: Medium

  • CCE-80391-6: Record any attempts to run semanage.

    Scanner severity level: Medium

  • CCE-80660-4: Record any attempts to run setfiles.

    Scanner severity level: Medium

  • CCE-80392-4: Record any attempts to run setsebool.

    Scanner severity level: Medium

  • CCE-80661-2: Ensure that auditd collects information on kernel module loading (create_module).

    Scanner severity level: Medium

  • CCE-80415-3: Ensure that auditd collects information on kernel module unloading (delete_module).

    Scanner severity level: Medium

  • CCE-80547-3: Ensure that auditd collects information on kernel module loading and unloading (finit_module).

    Scanner severity level: Medium

  • CCE-80414-6: Ensure that auditd collects information on kernel module loading (init_module).

    Scanner severity level: Medium

  • CCE-80383-3: Record attempts to alter logon and logout events (faillock).

    Scanner severity level: Medium

  • CCE-80402-1: Ensure that auditd collects information on the use of privileged commands (sudoedit).

    Scanner severity level: Medium

  • CCE-80385-8: Record unauthorized (unsuccessful) access attempts to files (create).

    Scanner severity level: Medium

  • CCE-80390-8: Record unauthorized (unsuccessful) access attempts to files (ftruncate).

    Scanner severity level: Medium

  • CCE-80386-6: Record unauthorized (unsuccessful) access attempts to files (open).

    Scanner severity level: Medium

  • CCE-80388-2: Record unauthorized (unsuccessful) access attempts to files (open_by_handle_at).

    Scanner severity level: Medium

  • CCE-80387-4: Record unauthorized (unsuccessful) access attempts to files (openat).

    Scanner severity level: Medium

  • CCE-80389-0: Record unauthorized (unsuccessful) access attempts to files (truncate).

    Scanner severity level: Medium

  • CCE-80381-7: Shutdown system when auditing failures occur.

    Scanner severity level: Medium

  • CCE-80439-3: Configure the time service maxpoll interval.

    Scanner severity level: Low

  • CCE-80541-6: Configure audispd plugin to send logs to remote server.

    Scanner severity level: Medium

  • CCE-80539-0: Configure the disk_full_action option in the audispd's plugin.

    Scanner severity level: Medium

  • CCE-80540-8: Encrypt audit records sent with the audispd plugin.

    Scanner severity level: Medium

  • CCE-80538-2: Configure the network_failure_action option in the audispd's plugin.

    Scanner severity level: Medium

  • CCE-80542-4: Configure firewalld to rate limit connections.

    Scanner severity level: Medium

  • CCE-26828-4: Disable DCCP support.

    Scanner severity level: Medium

  • CCE-81153-9: Add the nosuid option to /home.

    Scanner severity level: Low

  • CCE-80543-2: Map system users to the appropriate SELinux role.

    Scanner severity level: Medium

  • CCE-80545-7: Verify and correct ownership of an rpm.

    Scanner severity level: High

  • CCE-80512-7: Prevent unrestricted mail relaying.

    Scanner severity level: Medium

  • CCE-26884-7: Set the lockout time for failed password attempts.

    Scanner severity level: Medium

See OS STIG hardening for NetBackup Virtual Appliance.