The security of your data center and backups is comprehensive!
The Bacula Operating System, BaculaOS, offers cutting-edge technology for your data center, optimizing the integration of all features of the Bacula backup software, whether in the Community version or the renowned Enterprise version. In the latter, it provides state-of-the-art security mechanisms such as immutability and a complete protection suite, including defense against ransomware. With BaculaOS, your data center benefits from increased security, high performance, and the best market cost.
Check out some of the key security mechanisms and strategies implemented in BaculaOS:
- Implementation of Secure Password Compliance: BaculaOS ensures that weak or sequential passwords are not used, strengthening security against unauthorized access attempts.
- Restricted Root User Access: In BaculaOS, direct access to the root user is restricted. Users must first log in as a regular user and only then escalate privileges if necessary. This enhances security by ensuring that all actions performed with root privileges are deliberate and monitored.
- Advanced Audit for Low-Level Operations: BaculaOS enables detailed auditing for operating system commands and system calls, logging all activities. This allows for detailed monitoring and facilitates the identification and response to suspicious activities.
- Disabling Ctrl-Alt-Delete Reboot Option: This security measure prevents accidental or malicious system reboots, maintaining operational stability.
- Root Login Disablement for SSH: By preventing SSH access as root, BaculaOS adds an extra layer of security, requiring users to access the system in a more controlled and traceable manner.
- Automatic Lockout after Incorrect Login Attempts: With this feature, BaculaOS automatically locks the account for at least 15 minutes after three incorrect login attempts, protecting against brute force attacks.
- Universal use: compatible with all hardware capable of Oracle and RedHat Linux.
- Automatic encryption enabled: FIPS 140-3, adhering to the most demanding security standards. LUKS disk encryption.
- Retention Compliance Clock with NTP and NTS: BaculaOS uses the Network Time Protocol (NTP) with Network Time Security (NTS) to maintain the retention compliance clock. This ensures accuracy and security in time synchronization, especially crucial in case of a cyber attack, ensuring that changes to the operating system clock do not affect the expiration of backup copies.
- Protection against ransomware and hardware failures: immutability and Continuous cyclic redundancy check (CRC) of backup data.
- Consoles: SSH, Cockpit, bconsole e Bweb.
- Tuning: BaculaOS offers recommended kernel parameters and protocols to optimize the performance of the solution.
- IDS: The intrusion detection system (IDS) of the appliance consists of a customized BaculaOS policy, which automatically runs at startup. The IDS policy is a real-time policy for monitoring significant system events and critical configuration changes, while optionally taking remediation actions on events of interest. The following list contains some of the events that the IDS policy monitors:
- User logons, logouts, and failed login attempts
- Sudo commands
- User addition, deletion, and password changes
- User group addition, deletion, and member modifications
- Changes in the system’s auto-start options
- Modifications to all system directories and files, including core system files, main system configuration files, installation programs, and common daemon files
- Start and stop of Bacula services
- Detected system attacks from UNIX rootkit file/directory detection, UNIX worm file/directory detection, malicious module detection, suspicious permission change detection, and so on
- Audit of all the activity of the Bacula Appliance Web Console and the Bacula Appliance Shell Menu, including shell operations for maintenance, root users, and other system users.
- And much more!
BaculaOS comes pre-installed on all Bacula Appliances or can be acquired by all Bacula Enterprise customers for third-party hardware