I'm in the process of setting up an on-site hardened repository, and while the Veeam-provided ISO works well, I've found it surprisingly limiting. It's great for minimizing the attack surface, but I expected some essential features like NIC bonding, PAM authentication for physical token login, and more command line functionality. The interface is just a basic menu with a handful of options, so once I enable SSH for Veeam console access, it's like Veeam takes over the management completely.
For those of you who've set this up, how does the hardened repo fit into your workflow? Did you find the default ISO too restricted and choose to go for a custom Ubuntu version instead? Or did the base ISO meet your needs? I'm feeling stuck on what to recommend for my setup and could use any insight you have!
2 Answers
I went with the Veeam ISO because it came pre-configured and super secure right from the start. Honestly, I don’t see what more features are needed since I hardly ever log into it after the initial setup.
You can actually set up NIC bonding during the initial installation. Most of the limitations come from the appliance approach and the hardening done for security. Typically, there shouldn’t be much need for root access. What's missing for you? Why do you feel you need CLI access?
You’re right about NIC bonding, I overlooked that during my setup. As for needing CLI, I just feel uneasy relying solely on standard password auth for access. I was hoping for some support for YubiKeys or tokens. But it seems like in a secure, air-gapped environment, the Veeam ISO should be fine. I think I'm going to stick with it!