Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section IV. Malware scanning
  4. Scan host configurations
  5. Configuring scan host
  6. Automated scan host configuration
  7. Scan host configuration using Ansible
NetBackup™ Security and Encryption Guide

Scan host configuration using Ansible

Using Ansible, single/multiple scan hosts can be configured at once by providing the host details in inventory/hosts.yml file. NetBackup footprint is not required on the scan host. This utility installs and configures the prerequisites required to run a malware scan on the scan host (RHEL 8.x/9.x/ Windows Server 2016 and above). Additionally, this utility can be used to install NetBackup Malware Scanner on the scan host.

For more information, refer to the ReadMe.md file located at Ansible ReadMe.md.

Prerequisites

  • The minimum required configuration for the scan host is 8 CPU and 32-GB RAM.

  • For the supported operating systems of the scan host, refer to the Software Compatibility List.

  • NetBackup footprint is not required on the scan host. The existing systems with the NetBackup client or media server can be used as scan host, too.

  • (Linux) The scan host must be reachable from the media server over SSH.

    Note:

    SSH connection to scan host from the media server must be successful.

  • Following are the platform specific requirements:

    (For Windows) openssh, nfs-client, vc runtime, non-administrator user and Avira configured using previously created non-administrator user.

    (For Linux) libnsl, cifs-utils, non-root user and Avira configured using previously created non-administrator user.

Steps to configure scan host using Ansible

Note:

Ensure that you perform all the steps in this procedure on Ansible control host.

  1. Clone the repository from GitHub and move it to your Ansible control host as follows:

    git clone https://github.com/VeritasOS/netbackup-scanhost-config.git

  2. Navigate to netbackup-scanhost-config\ansible folder as follows:

    cd netbackup-scanhost-config\ansible

  3. By default, the host key checking would happen before configuring the scan host. To add the fingerprint of the scan host for Linux hosts, manually perform SSH to the scan host as follows:

    ssh-keyscan -H {{HOST}} >> ~/.ssh/known_hosts

  4. Provide the scan host details in the inventory/hosts.yml file. Refer to the Terminologies section in ReadMe.md file for the complete list of options.
    • install_avira: Installs NetBackup Malware Scanner if set to true, defaults to false.

    • avira_package_path: (Required only if install_avira is set to true). Local absolute path to the NetBackup Malware Scanner zip package (NBAntimalwareClient) which is available on the Veritas download center.

    • ansible_user: Scan host username who must be a user with Administrator or root/sudo privileges. When using the sudo privileges, provide the sudo password as follows:

      ansible_sudo_pass=<password>

    • ansible_ssh_pass: Scan host password.

  5. Run the following to run the playbook:

    ansible-playbook playbook.yml

  6. Use the credentials displayed at the end of script to register the scan host to NetBackup primary server.

Feedback

Was this page helpful?
Previous

Scan host configuration using Shell

Next

Manual scan host configuration

Feedback

Was this page helpful?