At Veeam, we continually strive to provide the most robust, secure, and reliable data protection solutions. Today, we’re excited to announce a significant development in that pursuit: Veeam’s new support for Rocky Linux 9.4 in Veeam Backup & Replication v12.2, complete with the DISA STIG security profile.
Enhanced Security with DISA STIG
DISA STIGs (Defense Information Systems Agency Security Technical Implementation Guides) are a set of security standards designed to protect critical systems. Implementing the DISA STIG security profile for Veeam Hardened Repository servers ensures that your systems meet these strict requirements and strengthens your overall security posture.
Official Support for Rocky Linux
Rocky Linux is a “bug-for-bug compatible” Red Hat Enterprise Linux (RHEL) clone. It’s a community-driven Linux distribution that quickly became popular. Veeam customers were using Rocky Linux as repositories and proxies for some time, and even backed up these systems with Veeam Agent for Linux (with some hacks) — even without official support from Veeam. Veeam Backup & Replication v12.2 closes this gap and by declaring official support for Rocky Linux 9.4 ( 9.3 and earlier was already supported in 12.1.2). Veeam supports Rocky Linux 9.4 as a proxy, as a repository (including XFS reflink/fast-clone), as a tape server, as a gateway server, and as a supported system for Veeam Agent for Linux.
Veeam Hardened Repository: Your Fortress Against Ransomware
In today’s digital landscape, ransomware attacks pose a significant threat to organizations of all sizes. These malicious attacks encrypt critical data, rendering it inaccessible and often demanding a ransom payment for decryption. Veeam’s Hardened Repository with immutable backups offers a powerful defence against these threats that try to delete or encrypt backups.
How to Set up Rocky Linux 9 with a DISA STIG Security Profile for Veeam Hardened Repository in 10 Minutes
As mentioned earlier, Rocky Linux is a Red Hat Enterprise Linux clone. That means you can follow the “Install DISA STIG Red Hat Linux for Veeam Repository” blog post I wrote earlier and skip the license part for successful installation.
To make this a bit easier, I also created a video that goes through all the steps. In this example, I used the logical volume manager (LVM) to allow for a bit more flexibility in future. Partitioning is the most complex part of the installation from my point of view. While having 100GB as minimum requirement, the operating system disk could be larger in 2024 of course. The table below shows the recommended values. Please note that the video tutorial differs a bit, so refer to the table below for the most accurate information.
The following video shows ho to install Rocky Linux with DISA STIG security profile enabled:
Once the system is installed, there are a few more steps to complete. Permissions need to be set correctly, the machine needs to be added to Veeam Backup & Replication, and you will probably want to lock down the system as well. I also recorded a video to walk through this process, and it follows the steps from the RHEL blog. I also recommend that you copy and paste everything from the RHEL blog post rather than typing everything in manually.
During boot, you might see that the sssd is not starting. This is not relevant in this particular use case and can be ignored.
Conclusion
Veeam’s support for Rocky Linux 9, combined with the DISA STIG security profile, delivers a robust and secure foundation for your data protection strategy in Veeam Backup & Replication v12.2. This powerful duo ensures the highest levels of security, stability, and reliability for your backups.
Start exploring the benefits of Veeam’s Hardened Repository on Rocky Linux today. Happy backing up!