Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Deduplication Guide
  3. Managing deduplication
  4. Enabling extra OS STIG hardening on WORM storage server instance
NetBackup™ Deduplication Guide

Enabling extra OS STIG hardening on WORM storage server instance

The Security Technical Implementation Guides (STIGs) provide technical guidance for increasing the security of information systems and software to help prevent malicious computer attacks. This type of security is also referred to as hardening.

OS STIG hardening rules are automatically enabled on primary, media, and storage server instances. These rules are based on the following profile from the Defense Information Systems Agency (DISA):

STIG for Red Hat Enterprise Linux Server

You can enable extra OS STIG hardening for increased security. The additional rules add protection to the sshd process and enforce stricter password policies.

Note the following about enabling extra OS STIG hardening:

  • This command does not allow individual rule control.

  • Once the option is enabled, it cannot be disabled.

  • Before the extra rules are enabled on the instance, you can have unlimited concurrent SSH sessions. After OS STIG hardening is enabled, the maximum number of concurrent SSH sessions is limited to 10.

To enable extra OS STIG hardening

  1. Open an SSH session to the instance as the msdpadm user (Flex) or appadmin user (Flex Scale).
  2. Run the following command:

    setting STIG enable-ondemand-hardening

Feedback

Was this page helpful?
Previous

Specifying the restore server

Next

Using multiple MSDP nodes for multistream backups on MSDP cluster

Feedback

Was this page helpful?