sa_backup is a tool to take a backup of configurations of all Security Analytics components available on the appliance. Tested with versions 10.3, 10.4, 10.5.
NOTE: This solution has not been qualified by RSA.
Pushed a new release that fixes a bug: MongoDB was not identified.
New releases 1.0.7 - 1.0.9! New features:
Attached and also available on GitHub: https://github.com/Jazzmax/rsa_sa_backup
The direct GitHub link to the script is https://raw.githubusercontent.com/Jazzmax/rsa_sa_backup/master/sa_backup.sh, so it can be fetched with wget.
This has been tested when restoring on the same appliance and a fresh/re-imaged appliance (RMA-like scenario).
The tool does NOT do:
- Remote backup - on its way
- Backup of the SA data (nw*db files).
- Backup of a license server (fneserver).
Restoring is still manual. You need to extract all the tar.gz files using:
tar -C / -xvphzf backup.tar.gz
To restore MongoDB, extract the mongo dump directory and run:
mongorestore -v --drop mongodb-dump.2015-06-07-22-40
Note: on an ESA appliance, to restore the entire db dump you need to temporarily disable authentication in /etc/tokumx.conf and restart the service:
sed -i "s/\(auth *= *\).*/\1false/" /etc/tokumx.conf
service tokumx restart
After the restore has completed, re-enable authentication:
sed -i "s/\(auth *= *\).*/\1true/" /etc/tokumx.conf
service tokumx restart
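The manual restore steps above, wrapped into functions as an added example (this is not sa_backup code or the author's restore tool): the auth toggle is anchored to the start of the line so a commented-out "auth" line is left alone, and an EXIT trap re-enables authentication even when mongorestore fails. The path /etc/tokumx.conf is taken from the post; DRY_RUN is an assumed switch that skips the service restart.

```shell
#!/bin/bash
# Added example: restore helpers for sa_backup archives and the TokuMX dump.
set -eu

TOKUMX_CONF="${TOKUMX_CONF:-/etc/tokumx.conf}"   # path used in the post

# Set "auth = <value>" in the TokuMX config and restart the service.
# Anchored with ^ so only the real setting is changed, not a "# auth = ..." comment.
# DRY_RUN=1 (assumed switch) skips the restart so the edit can be tested offline.
set_tokumx_auth() {
    local conf="$1" value="$2"
    sed -i "s/^\(auth *= *\).*/\1${value}/" "$conf"
    [ "${DRY_RUN:-0}" = "1" ] || service tokumx restart
}

# Print the current auth setting ("true" or "false") from the config file.
get_tokumx_auth() {
    sed -n 's/^auth *= *\(.*\)$/\1/p' "$1"
}

# Extract every sa_backup tar.gz found in $1 into the root directory $2
# (the post restores into /; -v can be added for verbose output).
restore_archives() {
    local src="$1" root="$2" f
    for f in "$src"/*.tar.gz; do
        [ -e "$f" ] || continue
        tar -C "$root" -xpzf "$f"
    done
}

# Restore a mongodump directory with authentication temporarily disabled.
# The trap turns auth back on whether or not mongorestore succeeds.
restore_mongo() {
    local dump_dir="$1"
    set_tokumx_auth "$TOKUMX_CONF" false
    trap 'set_tokumx_auth "$TOKUMX_CONF" true' EXIT
    mongorestore -v --drop "$dump_dir"
}
```

Run it as root on the appliance, e.g. `restore_archives /root/backup /` followed by `restore_mongo /root/backup/mongodb-dump.2015-06-07-22-40`.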
In conjunction with this backup tool I am working on a restore tool. Any feedback or contribution will be greatly appreciated.
Features
This script must be run as the "root" user. Edit the initialization section in the script before running it, or use a configuration file.
./sa_backup.sh [OPTION...]
Please modify the configuration section in the script or use an external configuration file.
Examples:
sa_backup --config=backup.conf --verbose
sa_backup --backuponly=core
Main operation mode:
-c, --config=CONFIG_FILE Use configuration file
-b, --backuponly=COMPONENTS Backup only specified components:
core - Core services
sys - OS configuration
puppet - puppet master/agent configuration
rabbitmq - rabbitmq configuration
mongo - MongoDB/tokumx dump
jetty - SA application server settings
re - Reporting Engine
malware - Malware Analysis configuration
esa - Event Stream Analysis configuration
im - Incident Management configuration
sms - System Management System
lc - Log collector
whc - Warehouse connector
pgsql - PostgreSQL database
-t, --test Test mode; no backup performed
-v, --verbose tar verbose switch
-?, -h, --help Give this help list
Changelog version 1.0.8:
Changelog version 1.0.7:
Changelog version 1.0.6:
Changelog version 1.0.5:
Changelog version 1.0.4:
Changelog version 1.0.3:
Changelog version 1.0.2:
Changelog version 1.0.1:
Version 1.0.0 - Initial version