KB ID: | 4250 |
Product: | Veeam Backup & Replication | 11 |
Published: | 2021-12-10 |
Last Modified: | 2022-04-07 |
Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
The underlying SSH channel is closed
The NIST 800-171 security profile on Red Hat Enterprise Linux 8 includes tmux automatic startup system-wide. To successfully deploy the Veeam services on the system, tmux must be temporarily disabled. Usually, it is configured in /etc/bashrc for all users on the system as shown here:
[user@rhel8 ~]$ sudo grep tmux /etc/bashrc
case "$name" in sshd|login) exec tmux ;; esac
[user@rhel8 ~]$ sudo grep tmux /etc/bashrc
#case "$name" in sshd|login) exec tmux ;; esac
Next, configure umask value to 022 for the user assigned to Veeam to use when adding the Linux server.
There are two scenarios for this:
a) When elevating account privileges automatically (not using the "Use 'su' if 'sudo' fails" option):
Defaults:user umask_override
Defaults:user umask=0022
echo "umask 022" >> .bash_profile
sudo echo "umask 022" >> .bash_profile
2. Click Next (twice) through the following pages of the New Linux Server wizard, and STOP when the button changes from [Next] to [Apply].
3. Once you click [Apply], the deployment will begin. During the deployment, when you see the line "Testing Veeam Data Mover service connection," you will have three minutes to send the series of commands below to mark the Veeam binaries as trusted by fapolicyd. Before you click [Apply], we advise that you connect to the Linux server you are adding and prepare to enter the commands at the appropriate time, as mentioned above. Click [Apply] when you are ready to proceed.
sudo fapolicyd-cli --file add /opt/veeam/transport/veeamagent
sudo fapolicyd-cli --file add /opt/veeam/transport/veeamtransport
sudo fapolicyd-cli --file add /opt/veeam/transport/veeamimmureposvc
sudo systemctl restart fapolicyd
If you see messages like "Cannot open /opt/veeam/transport/veeamagent" the deployment process has failed, and the Veeam Data Mover service binaries have been uninstalled. If this occurs, click [Previous] and click [Apply] to repeat the deployment process. Try again entering the commands during the "Testing Veeam Data Mover service connection" step.
4. The first deployment attempt will fail despite applying the rules correctly, because the the Veeam Data Mover service processes fail to start due to fapolicyd. If you have entered the commands correctly to mark the Veeam binaries as trusted by fapolicyd when you click [Previous] and then click [Apply] again, the deployment process will succeed.
Your feedback has been received and will be reviewed.
Please try again later.
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Your feedback has been received and will be reviewed.