Data protection, Kubernetes, cybersecurity and AI. Hands-on guides from the trenches: Veeam, Kasten, VMware, Oracle, cloud, and whatever I’m breaking in the homelab this week.
Table of ContentsTable of Contents
In this post, we will review installing an Immutable repository from Veeam With Red Hat Enterprise Linux, we previously reviewed an application for Ubuntu called VeeamHubRepo, which allows us to easily set up an immutable repository on Ubuntu Linux. Now we will review how to do the configuration in Red Hat Enterprise Linux, with a small script for the configuration of the repository automatically and in an easy to use way.
As we saw earlier in another post, we have the step-by-step guide to configuring the immutable repository of Veeam for Ubuntu with a utility, you can check it at:
/veeam-hardened-immutable-repository/
Now if you are looking for an easy way to configure but in Red Hat Enterprise Linux To provide backup immutability in your local environment, this post is for you.
Below we will review some good practices for this type of repository that allows us to store our backups immutably on Linux:
Do not add more roles Veeam or other services, i.e. this repository should be for immutable backups only
Preferably it is a Physical server with local drives s (JBOD)
Block or disable any remote administration applications or services, i.e. SSH (after setting up the repository), ILO, IDRAC, etc.
Why is it not recommended to add more roles veeam or other Linux services?, such as nginx, the answer is simple, the idea is to keep it as isolated as possible, trying to reduce the risk in case of any vulnerability or unauthorized access to the server. Since as we know, lately, we have multiple 0day vulnerabilities that affect Linux operating systems and services.
Why do you prefer a Physical Server with local drives? If it is a virtual machine and in the event of an attack, unfortunately, the security of the virtual environment was compromised, of course the attacker or attackers will even have the possibility of eliminating the virtual machine with all its content or encrypting the entire virtual environment. Regarding the recommendation of local disks, it is exclusively aimed at avoiding that in the event that the security of the storage or Storage has been compromised, it is not possible to delete the data that is stored in the repository.
And finally, block or disable any type of remote administration access, so that in the event of compromise of centralized administration credentials or vulnerabilities in remote administration systems, it will not be possible to connect to the operating system.
The only thing that needs to be connected is Veeam Backup & Replication to send Immutable Backups to the server.
Configure Red Hat Enterprise Linux as Veeam Immutable Repository#
In this case, install RHEL 8.3 as a server with the minimum option or by default without a graphical interface. And we connect via SSH with root:
If it is a physical server that already has the disks installed, we will proceed to execute a script that you can download from:
We select the file “rhelimm.sh” to see the content and copy it:
After copying the content of the file, we will return to the SSH session that we have open. We will create a new file with the “vi” editor, therefore in the ssh session we will execute:
vi rhelimm.sh
```bash
We press “i” to allow entering text or pasting text in the file:
And we exit the file by pressing “ESC :” we enter “wq!” press enter and return to the command line
Now we will assign execute permissions to the file with the following command:
```bash
chmod +x rhelimm.sh
```json
And now we will execute the script with the command:
```text
./rhelimm.sh
And we press “Enter” to execute the script that will request information.
Now we have already executed the script with the previous step, the first thing it does is a scan of existing new disks on the server. Then it lists the disks it found for us to ask if we want to use only one disk or several that exist on the server.
In this case for the demonstration add 4 disks of 50 TB, it should be noted, that it is possible to use multiple disks or just one, depending on your hardware configuration. therefore the script will ask us to enter the disks in “/dev/sdb” format and if you use multiple disks just add a space after each disk when entering it:
As shown in the previous image, the discs appear “ / Dev / sdb/dev/sdc /dev/sdd /dev/sde“. I enter them in the desired format and press “Enter” for execution:
When entering the disks, are created the physical volumes, the volume Group and the logical group to manage via LVM finally the logical volume “repoveeam” is formatted with XFS, in the formatting is included “Reflink” for the support of “Fast Clone” in this type of repository.
After formatting the script asks us for the password for the connection user, the script creates a user named “ repouser“, we enter the password:
And now the script tells us that we must add the new repository in Veeam Backup & Replication with the credentials of repouser” We connect to VBR and add the RHEL server within “Managed Servers”, we will select “Linux Server” to enter the IP address or DNS of the server:
After clicking on “Next” it will ask us how the Authentikation with the new RHEL server will be:
And we will select “Single-use credentials for hardened repository….” to enter the credentials, we will use the user created by the script “ repouser” with your respective password that was entered in the script steps and also very important, we will select “ Elevate account privileges automatically“And” Use your if sudo fails” and enter the “root” password, press “OK” and then “Next”:
The users and passwords we are entering will only be used in this connection, afterwards the credentials are not stored in the database. Veeam Backup & Replication. Now we select “YES”
And we will be able to see the installation of the necessary component for Veeam Backup & Replication:
We select “Apply” and we will see the finished installation:
Click “Finish” and we will be back to the SSH session. The script was waiting for the installation of the Veeam necessary checking if the process appears and then asking us if we want to disable SSH completely:
We enter 1 to disable and stop the SSH service and then we disconnect with the “exit” command. Then we can see that it will not be possible to connect again via SSH even after a reboot. It should be noted that the script adds the volume in “ / etc / fstab” so that in case of restart the disks are automatically mounted.
Now we go back to Veeam Backup & Replication to finish the configuration of the Immutable Repository.
In the VBR console, we will enter “Backup Repositories”, then right click and select “Add Backup Repository”, then “Direct Attached Storage”, then “Linux” to enter the data requested Veeam:
Click on “Next” and we will select our new Linux RHEL server. where we will also click on “Populate” to see the disk or mount point to store the backups:
We select “/repoveeam” and click on “Next”
Where we will enable “Use fast cloning on XFS volumes…” and “Make recent backup immutable for”, here you can leave the immutability of backups by default for 7 days or enter the necessary configuration in days. Then “Next”
We will select the “Mount Server” then “Next”, then “Apply” to see the configuration status:
Then it will ask us if we want to change the backup location of the configuration and we select “No”.
