Search This Blog

Wednesday, September 22, 2021

Configure Veeam Hardened Linux Repository Using Ubuntu

In this post, we are going to perform format and partition disks for our veeam Linux repository. Once we have complete this process, we will start to configure our hardened Linux repository.

Follow the below steps:

[Check disk]

sudo fdisk -l


We got a new disk :- 350GB at /dev/sdb

[Partition]
Begin by partition the disk, set to gpt and create primary partition with the size 350GB

sudo parted /dev/sdb

mklabel gpt

make primary 0GB 350GB

quit

[Formatting]

Format as XFS file system, 

sudo mkfs.xfs -b size=4096 -m reflink=1, crc=1 /dev/sdb -f


[Mounting]

sudo mkdir repo
sudo mount /dev/sdb /home/laiys/repo

[Check the mount point]

df -hT


[Set mount point as permanent]

vi /etc/fstab

/dev/sdb /home/laiys/repo xfs defaults 0 0

save it




[Create a non root user]

Scenario: 
username : veeam
group: veeamgroup
path : /home/laiys/repo

Create a user called "veeam"

sudo adduser veeam

Create group name "veeamgroup'
sudo groupadd veeamgroup


Add user to group

sudo usermod -a -G veeamgroup veeam

Check user in which group
groups veeam




[Set permission]

chown -R veeam:veeamgroup /home/laiys/repo
sudo chmod 700 /home/laiys/repo

[Add Veeam Repository]

When add a new repo, remember to select "Single use credentials for hardened repository"


Enter non root credential that you have created earlier
You may encounter this error message when trying to add a user without sudo right.


Workaround, temporary add 'veeam' to sudo group

sudo usermod -a -G sudo veeam

Repeat the step to use "single-use credential" again. This round you can proceed to install Veeam Transport and Data Mover.


Once complete, remove sudo right from veeam account

sudo deluser veeam sudo



Proceed to add the repo



Set fast clone on XFS
Set backup immutable for 7 days


That's all . Now you have successfully set up a hardened Linux repository.




Tuesday, September 7, 2021

Setup VPN Tunnel Using Two Asus Router

 We will look on how to setup VPN tunnel between two sites using Asus router.

Subnet:

Main Site: 192.168.0.0/24

DR Site: 192.168.1.0/24

Here is my configuration:-

Main Site 

Using ASUS RT-AC1300 UHP

Configure using Open VPN - act as VPN Server

1. Go to Advanced Settings | VPN | VPN Server | OpenVPN

2. Enable OPENVPN Server & click on Advanced Settings for VPN Details

3.Set

Interface Type: TUN

Respond to DNS: Yes

Advertise DNS to clients: Yes

Push LAN to clients: Yes

Direct clients to redirect Internet traffic: No (as each site uses their own internet access for external traffic)

Manage Client-Specific Options: Yes

Allow Client <-> Client: Yes

Allow only specified clients: Yes

Common name: client

Subnet : 192.168.1.0

Mask: 255.255.255.0

Push : Yes

4. Click Apply





5.Create a new username & password

6. Export the openvpn configuration file to DR site

DR Site

Using ASUS RT-N18U

Configure using Open VPN - act as VPN Client

1. Go to Advanced Settings | VPN | VPN Client | Add profile


2. Add the user credential that you have created previously & upload the open VPN configuration file

3. Click Activate

End Result


Connection established!

On Main Site Router indicated "Connected"


You are now able to RDP to the machine on both sites.



Wednesday, September 1, 2021

Video - Backup and Recover Using Kasten

 Quick run-through on how to backup and recover containers using Kasten.