Veritas NetBackup™ Appliance Security Guide

Last Published:
Product(s): Appliances (4.0)
Platform: NetBackup Appliance OS

Reviewing SDCS events on the NetBackup appliance

You can use the Monitor > SDCS Events page to view the Symantec Data Center Security (SDCS) logs. These audit logs can help in detecting security breaches and abnormal activity on the appliance. An event in the audit log includes the following details:

  • When - Displays the timestamp of the logged event.

  • Who - Displays which user had logged on when the event took place.

  • What - Displays the description of the event and the resource involved.

  • How - Displays the Process Name, Process ID, Operation Permissions, and Sandbox Details.

  • Severity - Displays the severity of the event.

  • Enforcement Action - Displays whether the event was allowed or denied.

The SDCS events are retrieved and are represented using the severity types that are described in Table: SDCS event severity types.

Table: SDCS event severity types

  • Information

    Events with a severity as Info contain information about normal system operation.

    Events example: the following message provides the basic information relating to a generic event.

      general CLISH message
      Event source: SYSLOG PID: 30315
      Complete message: May 21 06:58:55 nb-appliance CLISH[30315]: User admin executed Return

  • Notice

    Events with a severity as Notice contain information about normal system operation. An event that helps confirm the successful execution of an event is recorded as a Notice.

    Events example: the following message helps the user to understand that the event has been successfully executed.

      successful SUDO to root
      Event source: SYSLOG [sudo facility]
      Command: /bin/su From Username: AppComm To Username: root Port: unknown

  • Warning

    Events with a severity as Warning indicate unexpected activity or problems that have already been handled by SDCS. These Warning messages might indicate that a service or application on a target computer is functioning improperly with the applied policy. After investigating the policy violations, you can configure the policy and allow the service or application to access the specific resources if necessary.

    Events example: the following event helps to identify an unexpected activity, like the inbound connection from a local IP address.

      Inbound connection allowed from <IPaddress> to local address.

  • Major

    Events with a severity as Major imply a more serious effect than Warning and less effect than Critical.

    Events example: the following event helps to identify unauthorized access.

      General luser message
      Event source: SYSLOG
      Complete message: Feb 5 21:57 luser Unauthorized user by luser Denying access to system.

  • Critical

    Events with a severity as Critical indicate activity or problems that might require administrator intervention to correct.

    Events example: the following event can help to identify critical events that can affect the appliance in an unexpected manner.

      Group Membership for "group1" CHANGED from 'admin1' to 'admin2'
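The following is an added example, not Veritas code and not part of this guide, that shows how the When/Who/What/How/Severity/Enforcement Action fields described above can be pulled out of the syslog-style messages SDCS records, and how events can be triaged by severity type. It assumes the line layout visible in the guide's sample events ("<Mon> <day> <HH:MM:SS> <host> <proc>[<pid>]: <message>") and that the severity SDCS assigned is available beside each line; the sample lines in the block are constructed for this example and modelled on the ones in the table.

```python
"""Parse and triage SDCS-style audit events by severity type.

Added example, not Veritas code. It assumes the syslog-style layout the
guide's sample events show and that the SDCS severity is available beside
each line. All sample lines below are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Severity types in the order the guide lists them, least to most serious.
SEVERITY_ORDER = ["Information", "Notice", "Warning", "Major", "Critical"]

# Constructed (severity, raw line) pairs modelled on the guide's examples.
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("Information", "May 21 06:58:55 nb-appliance CLISH[30315]: User admin executed Return"),
    ("Notice", "May 21 07:02:10 nb-appliance sudo: successful SUDO to root by user AppComm"),
    ("Warning", "May 21 07:05:43 nb-appliance sdcs: Inbound connection allowed from 192.0.2.10 to local address"),
    ("Major", "May 21 07:09:12 nb-appliance login: Unauthorized user luser. Denying access to system."),
    ("Critical", "May 21 07:15:00 nb-appliance sdcs: Group Membership for \"group1\" CHANGED from 'admin1' to 'admin2'"),
]

# Assumed line layout: "<Mon> <day> <HH:MM:SS> <host> <proc>[<pid>]: <message>".
SYSLOG_RE = re.compile(
    r"^(?P<when>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}(?::\d{2})?)\s+"  # When
    r"(?P<host>\S+)\s+"                                               # appliance host name
    r"(?P<proc>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?:\s+"                   # How: process name and PID
    r"(?P<what>.*)$"                                                  # What
)
USER_RE = re.compile(r"\b[Uu]ser (?P<who>[\w-]+)")                   # Who, when the message names a user
DENY_RE = re.compile(r"\bdeny(?:ing)?\b|\bdenied\b", re.IGNORECASE)  # Enforcement Action


@dataclass
class Event:
    when: str
    host: str
    process: str
    pid: Optional[int]
    who: Optional[str]
    what: str
    severity: str
    action: str  # "allowed" or "denied"


def severity_rank(severity: str) -> int:
    """Position of a severity type in SEVERITY_ORDER; unknown names are rejected."""
    if severity not in SEVERITY_ORDER:
        raise ValueError(f"unknown SDCS severity: {severity!r}")
    return SEVERITY_ORDER.index(severity)


def parse_event(line: str, severity: str) -> Event:
    """Split one syslog-style line into the When/Who/What/How fields the guide describes."""
    m = SYSLOG_RE.match(line)
    if m is None:
        raise ValueError(f"line does not match the assumed syslog layout: {line!r}")
    what = m.group("what")
    who_m = USER_RE.search(what)
    return Event(
        when=m.group("when"),
        host=m.group("host"),
        process=m.group("proc"),
        pid=int(m.group("pid")) if m.group("pid") else None,
        who=who_m.group("who") if who_m else None,
        what=what,
        severity=severity,
        action="denied" if DENY_RE.search(what) else "allowed",
    )


def needs_review(event: Event) -> bool:
    """Major and Critical events, and anything SDCS denied, go to an administrator."""
    return severity_rank(event.severity) >= severity_rank("Major") or event.action == "denied"


def triage(raw_events: List[Tuple[str, str]]) -> List[Event]:
    """Parse every (severity, line) pair; return the events needing review, most severe first."""
    flagged = []
    for severity, line in raw_events:
        event = parse_event(line, severity)
        if needs_review(event):
            flagged.append(event)
    return sorted(flagged, key=lambda e: severity_rank(e.severity), reverse=True)


if __name__ == "__main__":
    for ev in triage(SAMPLE_EVENTS):
        print(f"{ev.severity:<8} {ev.when} {ev.host} {ev.process}[{ev.pid}] "
              f"who={ev.who} action={ev.action}: {ev.what}")
```

Run stand-alone, the block prints only the Critical group-membership change and the Major denied login; the Information, Notice and Warning samples are parsed but not flagged. The `needs_review` threshold is the one design choice worth adjusting: an appliance that should never see denied operations may want every "denied" event reviewed regardless of severity, which the `or event.action == "denied"` clause already provides.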

For more information about retrieving SDCS audit logs, refer to the NetBackup Appliance Administrator's Guide.

For information about the appliance operating system logs, such as syslogs and other appliance logs, see About NetBackup appliance log files.