Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section IV. Malware scanning
  4. Scan host configurations
  5. Prerequisites for a scan host
  6. Prerequisites for Linux scan host
NetBackup™ Security and Encryption Guide

Prerequisites for Linux scan host

In addition to the prerequisites listed in Prerequisites for a scan host, ensure that you meet the following requirements for Linux platform:

  • For a Linux scan host the default login shell must be bash.

  • For RHEL 9 (and above) scan host, ensure that the SCP Linux command is not disabled.

  • Install the following:

    For NFS share type: nfs-utils

    For SMB share type: cifs-utils

  • For NetBackup malware detection utility to run on scan host, install libnsl.so.1 library on scan host. If the latest version of libnsl library file is present (for example, /usr/lib64/libnsl.so.2), then create a soft link file /usr/lib64/libnsl.so.1 which points to /usr/lib64/libnsl.so.2 file.

    Example to create a soft link file:

    # cd /usr/lib64 # ln -sf libnsl.so.2 libnsl.so.1

    Note:

    For assistance on installing the libnsl* library file, contact operating system administrator.

  • (Optional) A new variable entry ($TMPDIR) having a value equal to the desired location can be added for malware scan temp directory in the scan user's bashrc file.

    For example, $TMPDIR=/mytempdirectory/malware to overwrite the default /tmp/malware temporary location. If user specifies $TMPDIR=/home/scanuser as the temporary directory, then /home/scanuser/tmp/malware directory would be used as the temporary directory for all the malware related files.

    Note:

    Ensure that the scanuser has the required permissions to $TMPDIR folder for performing the malware scan successfully.

  • For a non-root user on Linux:

    • Allow the ssh connection with a non-root user.

      For example: Add the Allow Users root scanuser entry in the /etc/ssh/sshd_config file.

      Note:

      A scan user is a non-root user that is created in the system.

    • Provide user permission to mount and umount. Add the user permission entry in sudoers file.

      For example: In the /etc/sudoers file add one of the following:

      • scanuser ALL=(ALL) NOPASSWD:ALL

      • scanuser ALL=(ALL) NOPASSWD:/bin/umount, /bin/mount

    • Configure the malware tool with a non-root user on the scan host.

      Note:

      If scanning is done using the root user, then change the permission of the /tmp/malware folder to provide write permissions to the non-root user.

      For example: chmod a+rwx /tmp/malware

Note:

For VMware and Cloud workload policy scanning, UID and GID mapping must be set to 0.

(If scan host is created in Azure or AWS from marketplace images) Enable root access for scan host as follows:

  • Change the root password using the following command:

    - sudo -i passwd

  • Change /etc/ssh/sshd_config file to provide the permit for root login as follows:

    "PermitRootLogin yes" 
    "PasswordAuthentication yes"
  • Restart the service with the following command:

    - service sshd reload

  • Change /etc/cloud/cloud.cfg file as follows to enable root user:

    disable_root 0

Feedback

Was this page helpful?
Previous

Prerequisites for Windows scan host

Next

Limitations and considerations for scan host using NFS share

Feedback

Was this page helpful?