没有合适的资源?快使用搜索试试~ 我知道了~
首页Veritas NetBackup™ Appliance Security Guide - 3.1
Veritas NetBackup™ Appliance Security Guide - 3.1
需积分: 5 0 下载量 31 浏览量
更新于2023-11-24
收藏 1.69MB PDF 举报
《NetBackup Appliance Security Guide - 3.1》是一份由Veritas Technologies LLC发布的安全指南,适用于Veritas NetBackup™ Appliance Release 3.1版本。该指南的文件版本为3.1,版权所有归Veritas Technologies LLC所有,未经授权禁止复制或传播。Veritas、Veritas Logo、NetBackup、Storage Foundation和Copilot均为Veritas Technologies LLC或其关联公司在美国和其他国家的商标或注册商标。该产品可能包含Veritas需要向第三方提供归属声明的第三方软件("Third Party Programs")。部分第三方软件在开源或自由软件许可证下可用,但软件随附的许可协议不改变用户在这些开源或自由软件许可下享有的任何权利或义务。
资源详情
资源推荐
![](https://csdnimg.cn/release/download_crawler_static/88193922/bg10.jpg)
Table 2-1
NetBackup appliance account types
DescriptionAccount type
The NetBackup appliance is administered and managed through user accounts. You can
create local user accounts, or register users and user groups that belong to a remote directory
service. Each user account must authenticate itself with a user name and password to
access the appliance. For a local user, the user name and password are managed on the
appliance. For a registered remote user, the user name and password are managed by the
remote directory service.
In order for a new user account to log on and access the appliance, you must first authorize
it with a role. By default, a new user account does not have an assigned role, and therefore
it cannot log on until you grant it a role.
You can grant the following roles to a user or a user group:
■ Administrator
A user account that is assigned the Administrator role is provided administrative privileges
to manage the NetBackup appliance. An Administrator user is allowed to log on, view,
and perform all functions on the NetBackup Appliance Web Console and the NetBackup
Appliance Shell Menu. These user accounts have permissions to log on to the appliance
and run NetBackup commands with superuser privileges.
See “About the Administrator user role” on page 39.
■ NetBackupCLI
A user account that is assigned the NetBackupCLI role can execute all NetBackup
commands, view logs, edit NetBackup touch files, and edit NetBackup notify scripts.
NetBackupCLI users are solely restricted to run NetBackup commands with superuser
privileges and do not have access outside the scope of NetBackup software directories.
Once these users log on, they are taken to a restricted shell from where they can run
the NetBackup commands.
See “About the NetBackupCLI user role” on page 40.
User
The admin account is the default Administrator user on the NetBackup appliance. This
account provides full appliance access and control for the default Administrator user.
New NetBackup appliance are shipped with the following default logon credentials:
■ User name: admin
■ Password: P@ssw0rd
When mounting or mapping shares from an appliance, make note of the following:
■ Windows: Only the Admin account is authorized to mount or map Windows CIFS shares.
■ Linux: Only users with a root access account can issue the mount command directly to
mount NFS shares.
admin
The Maintenance account is used by Veritas Support through the NetBackup Appliance
Shell Menu (after an administrative log-on). This account is used specifically to perform
maintenance activity or to troubleshoot the appliance.
Maintenance
16User authentication
About user authentication on the NetBackup appliance
![](https://csdnimg.cn/release/download_crawler_static/88193922/bg11.jpg)
Table 2-1
NetBackup appliance account types (continued)
DescriptionAccount type
The sisips account is an internal user for implementing the SDCS policies.sisips
The root account is a restricted user that is only accessed by Veritas Support to perform
maintenance tasks. If you try to access this account, the following message is displayed:
Permission Denied !! Access to the root account requires
overriding the Symantec Intrusion Security Policy.
Please refer to the appliance security guide for
overriding instructions.
Warning: Please note that you can override the Veritas Intrusion Security Policy (ISP) to
gain access to the root account. However, doing so is not recommended as it puts the
system at risk and vulnerable to attack.See “Overriding the NetBackup appliance intrusion
prevention system policy” on page 52.
root
See “About authorizing NetBackup appliance users” on page 36.
User types that can authenticate on the NetBackup appliance
You can directly add local users on the appliance, or register users from an LDAP
server, Active Directory (AD) server, or NIS server. Registering remote users offers
the benefit of letting you leverage your existing directory service for user
management and authentication. Table 2-2 describes the types of users that can
be added to a NetBackup appliance.
Note: Local user commands cannot be used successfully before the appliance role
is configured. Any attempted local user commands including, but not limited to
granting user permissions, fail if the appliance role is not configured. If you attempt
to run local user commands before role configuration, those same commands also
fail after you complete the role configuration. Certain commands can also exhibit
unexpected or undesired behavior. To prevent these situations, it is a best practice
to avoid attempting any local user commands until after the appliance role has been
configured.
17User authentication
About user authentication on the NetBackup appliance
![](https://csdnimg.cn/release/download_crawler_static/88193922/bg12.jpg)
Table 2-2
NetBackup appliance user types
NotesDescriptionUser type
■ You can use the Settings > Authentication >
User Management page from the NetBackup
Appliance Web Console to add, delete, and
manage local users.
■ You can use the Settings > Security >
Authentication > LocalUser command
from the NetBackup Appliance Shell Menu to add
and delete local users, as well as change their
passwords.
■ You cannot add local user groups.
■ A local user can have the Administrator or
NetBackupCLI role.
Note: You cannot grant the NetBackupCLI role
to an existing local user. However, you can create
a local NetBackupCLI user by using the Manage
> NetBackupCLI > Create command from
the NetBackup Appliance Shell Menu.
A local user is added to the appliance
database and is not referenced to an external
directory-based server like an LDAP server.
Once the user has been added, you can then
grant or revoke the appropriate appliance
access permissions.
Local (native
user)
■ You can use the Settings > Authentication >
User Management page from the NetBackup
Appliance Web Console to add, delete, and
manage LDAP users and user groups.
■ You can use the Settings > Security >
Authentication > LDAP command from the
NetBackup Appliance Shell Menu to add and
delete LDAP users and user groups.
■ You can assign the Administrator or
NetBackupCLI role to an LDAP user or user
group.
Note: The NetBackupCLI role can be assigned
to a maximum of nine (9) user groups at any
given time.
An LDAP (Lightweight Directory Access
Protocol) user or user group exists on an
external LDAP server. After configuring the
appliance to communicate with the LDAP
server, you can register those users and user
groups with the appliance. Once the user has
been registered (added), you can then grant
or revoke the appropriate appliance access
permissions.
See “About authenticating LDAP users”
on page 23.
LDAP
18User authentication
About user authentication on the NetBackup appliance
![](https://csdnimg.cn/release/download_crawler_static/88193922/bg13.jpg)
Table 2-2
NetBackup appliance user types (continued)
NotesDescriptionUser type
■ You can use the Settings > Authentication >
User Management page from the NetBackup
Appliance Web Console to add, delete, and
manage AD users and user groups.
■ You can use the Settings > Security >
Authentication > ActiveDirectory
command from the NetBackup Appliance Shell
Menu to add and delete AD users and user
groups.
■ You can assign the Administrator or
NetBackupCLI role to an AD user or user group.
Note: The NetBackupCLI role can be assigned
to a maximum of nine (9) user groups at any
given time.
An Active Directory (AD) user or user group
exists on an external AD server. After
configuring the appliance to communicate with
the AD server, you can register those users
and user groups with the appliance. Once the
user has been registered (added), you can
then grant or revoke the appropriate appliance
access permissions.
See “About authenticating Active Directory
users” on page 24.
Active
Directory
■ You can use the Settings > Authentication >
User Management page from the NetBackup
Appliance Web Console to add, delete, and
manage NIS users and user groups.
■ You can use the Settings > Security >
Authentication > Kerberos command from
the NetBackup Appliance Shell Menu to add and
delete NIS users and user groups.
■ You can assign the Administrator or
NetBackupCLI role to a NIS user or user group.
Note: The NetBackupCLI role can be assigned
to a maximum of nine (9) user groups at any
given time.
A NIS (Network Information Service) user or
user group exists on an external NIS server.
Unlike the LDAP and AD implementations,
configuring the appliance to communicate with
the NIS domain requires Kerberos
authentication. You must have an existing
Kerberos service associated with your NIS
server before you can configure the appliance
to register the NIS users.
After configuring the appliance to communicate
with the NIS server and the Kerberos server,
you can register the NIS users and user
groups with the appliance. Once the user has
been registered (added) to the appliance, you
can then grant or revoke the appropriate
appliance access permissions.
See “About authenticating Kerberos-NIS
users” on page 25.
Kerberos-NIS
For detailed instructions on configuring new users, refer to the NetBackup Appliance
Administrator's Guide.
19User authentication
About user authentication on the NetBackup appliance
![](https://csdnimg.cn/release/download_crawler_static/88193922/bg14.jpg)
About configuring user authentication
Table 2-3 describes the options that are provided in the NetBackup Appliance Web
Console and NetBackup Appliance Shell Menu for configuring the appliance to
authenticate various types of users and grant them access privileges.
Table 2-3
User authentication management
NetBackup Appliance Shell MenuNetBackup Appliance Web ConsoleUser type
The following commands and options are
available under Settings > Security >
Authentication > LocalUser:
■ Clean - Delete all of the local users.
■ List - List all of the local users that have
been added to the appliance.
■ Password - Change the password of a local
user.
■ Users - Add or remove one or more local
users.
Use the Settings > Authentication > User
Management tab in the NetBackup Appliance
Web Console to add local users.
See “About authorizing NetBackup appliance
users” on page 36.
Local (native user)
20User authentication
About configuring user authentication
剩余115页未读,继续阅读
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://profile-avatar.csdnimg.cn/28105908048e4518a28a3457cdef3389_weixin_40191861.jpg!1)
weixin_40191861_zj
- 粉丝: 69
- 资源: 1万+
上传资源 快速赚钱
我的内容管理 收起
我的资源 快来上传第一个资源
我的收益
登录查看自己的收益我的积分 登录查看自己的积分
我的C币 登录后查看C币余额
我的收藏
我的下载
下载帮助
![](https://csdnimg.cn/release/wenkucmsfe/public/img/voice.245cc511.png)
会员权益专享
最新资源
- 构建智慧路灯大数据平台:物联网与节能解决方案
- 智慧开发区建设:探索创新解决方案
- SQL查询实践:员工、商品与销售数据分析
- 2022智慧酒店解决方案:提升服务效率与体验
- 2022年智慧景区信息化整体解决方案:打造数字化旅游新时代
- 2022智慧景区建设:大数据驱动的5A级管理与服务升级
- 2022智慧教育综合方案:迈向2.0时代的创新路径与实施策略
- 2022智慧教育:构建区域教育云,赋能学习新时代
- 2022智慧教室解决方案:融合技术提升教学新时代
- 构建智慧机场:2022年全面信息化解决方案
- 2022智慧机场建设:大数据与物联网引领的生态转型与客户体验升级
- 智慧机场2022安防解决方案:打造高效指挥与全面监控系统
- 2022智慧化工园区一体化管理与运营解决方案
- 2022智慧河长管理系统:科技助力水环境治理
- 伪随机相位编码雷达仿真及FFT增益分析
- 2022智慧管廊建设:工业化与智能化解决方案
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
![](https://img-home.csdnimg.cn/images/20220527035711.png)
![](https://img-home.csdnimg.cn/images/20220527035711.png)
![](https://img-home.csdnimg.cn/images/20220527035111.png)
安全验证
文档复制为VIP权益,开通VIP直接复制
![](https://csdnimg.cn/release/wenkucmsfe/public/img/green-success.6a4acb44.png)