SYSTEM BACKUP AND RESTORE (AlienVault USM 4.8+)




Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved.

AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM and OSSIM are trademarks or service marks of AlienVault.

CONTENTS

1. INTRODUCTION ... 4
2. SCOPE ... 4
3. HOW TO BACKUP AN ALIENVAULT APPLIANCE ... 4
   3.1. Payload Backup ... 6
   3.2. Environment Backup ... 6
   3.3. Raw Data Backup ... 7
   3.4. Saving Generated Backup Files ... 7
4. HOW TO RESTORE AN ALIENVAULT APPLIANCE BACKUP ... 7
   4.1. Copy the backup files into the appliance ... 8
   4.2. Stop appliance services ... 9
   4.3. Payload Restore ... 9
   4.4. MongoDB Dump Recovery ... 9
   4.5. Environment Restore ... 10
   4.6. Raw Data Restore ... 10
   4.7. Start Appliance Services ... 11

DC-00146 Edition 01 Copyright 2015 AlienVault. All rights reserved. Page 3 of 11

1. INTRODUCTION

This document describes how to perform a full backup of an AlienVault USM appliance (4.8+) so that the system can be recovered, or replaced by another system, by following the restore process. The appliance to be recovered MUST have the same software version that was used during the backup process.

2. SCOPE

This procedure saves all the information from your system that is required for recovery purposes:

Payload: events, alarms, assets, users, reports, tickets, historic data...
Environment: process configuration, plugins, keys...
Raw Data: Logger data and Netflows

All the steps described in the following sections must be done, in the order defined here, to perform the full backup and restore of the system. Do not use this procedure to clone or duplicate data or configuration across your deployment.

3. HOW TO BACKUP AN ALIENVAULT APPLIANCE

The backup procedure requires the user to have full access to the appliance console (local or remote access). To get remote access, open a console terminal and type the following command:

    ssh root@ip_address

ip_address refers to the default IP of your appliance.

The AlienVault Setup main menu is displayed after the user authenticates. Use the arrow keys to move to option 3: Jailbreak System, then press Enter to accept the selection (<OK>). Execute the following command:

    screen

The instructions below generate the following backup files:

Payload:     alienvault-dbs.sql.gz, alienvault-mongo.tgz
Environment: alienvault-environment.tgz
Raw Data:    alienvault-data.tgz

Keep these files in a secure location. They are needed in order to recover your appliance.

3.1. PAYLOAD BACKUP

The entire payload data managed by AlienVault appliances is stored in two databases:

MySQL: events, alarms, asset information, users and permissions, reports, tickets...
MongoDB: IDM historic data

Saving a dump of these two databases therefore provides the payload backup.

3.1.1. MYSQL DATABASE DUMP

1. Execute the following command (the database password is read from /etc/ossim/ossim_setup.conf and the dump is piped through gzip):

    mysqldump -p`grep ^pass /etc/ossim/ossim_setup.conf | sed 's/pass=//'` --no-autocommit --single-transaction --all-databases | gzip > alienvault-dbs.sql.gz

2. The alienvault-dbs.sql.gz backup file should be created.

3.1.2. MONGO DATABASE DUMP

1. Execute this command to dump your database:

    mongodump --host localhost

2. A directory called dump should be generated.

3. Compress the dump directory. Type the following command:

    tar cvzf alienvault-mongo.tgz dump

4. The alienvault-mongo.tgz file should be successfully created.

3.2. ENVIRONMENT BACKUP

This section describes how to save the environment configuration files related to the appliance platform, processes, plugins, keys...

1. Execute the following command (it creates the appliance UUID file from the hardware system UUID if the file does not exist yet):

    if [[ ! -f /etc/alienvault-center/alienvault-center-uuid ]]; then dmidecode -s system-uuid | awk '{print tolower($0)}' > /etc/alienvault-center/alienvault-center-uuid ; fi

2. Back up the appliance configuration:

    tar cvzf alienvault-environment.tgz /etc/ossim/ /etc/alienvault/ /etc/alienvault-center/ /etc/ansible/ \
        /root/.ssh/ /home/avapi/ /home/avforw/ /home/avserver/ /var/ossec/ /etc/snort/ /etc/suricata/ \
        /etc/nagios3/ /etc/openvpn/ /var/cache/openvas/ /var/lib/openvas/ /etc/logrotate.d/ /etc/rsyslog.d/ \
        /etc/apache2/ /usr/share/alienvault-center/ /etc/nfsen/ /etc/mysql/ /var/ossim/keys/ /var/ossim/ssl/ \
        /etc/hosts /etc/resolv.conf

3. The alienvault-environment.tgz file should be created.

3.3. RAW DATA BACKUP

1. Create a compressed file containing the Logger and Netflows data:

    tar cvzf alienvault-data.tgz /var/ossim/logs /var/nfsen /var/cache/nfdump

2. The alienvault-data.tgz file should be created.

3.4. SAVING GENERATED BACKUP FILES

Do not forget to copy the generated backup files to a secure location. You can use any SCP application; for example, WinSCP (for Windows) or the scp command (for Linux):

alienvault-dbs.sql.gz
alienvault-mongo.tgz
alienvault-environment.tgz
alienvault-data.tgz

4. HOW TO RESTORE AN ALIENVAULT APPLIANCE BACKUP

The appliance to be recovered MUST have the same software version that was used during the backup process. The restore procedure requires the user to have full access to the appliance console (local or remote access). To get remote access:

Open a console terminal and type the following command:

    ssh root@ip_address

ip_address refers to the default IP of your appliance. The AlienVault Setup main menu is displayed after the user authenticates. Use the arrow keys to move to option 3: Jailbreak System, then press Enter to accept the selection (<OK>). Execute the following command:

    screen

4.1. COPY THE BACKUP FILES INTO THE APPLIANCE

The following files, previously saved, must be copied into your target appliance in order to restore the backup. You can use any SCP application; for example, WinSCP (for Windows) or the scp command (for Linux):

alienvault-dbs.sql.gz
alienvault-mongo.tgz
alienvault-environment.tgz
alienvault-data.tgz

Copy these files under the root directory of the appliance.
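The guide relies on the operator to notice a truncated or corrupted archive. As an added example that is not part of the AlienVault guide, the shell helpers below tie sections 3.1.1, 3.4 and 4.1 together: ossim_db_pass reads the MySQL password from ossim_setup.conf the same way the mysqldump step does; verify_backup_set checks that the four archives exist, are non-empty and are valid gzip streams (both .sql.gz and .tgz are gzip); write_backup_manifest records SHA-256 sums beside them at backup time; and check_backup_manifest compares the copy on the target appliance against that manifest before any service is stopped. Because the environment archive carries the key material under /root/.ssh/, /var/ossim/keys/ and /var/ossim/ssl/ listed in 3.2, the manifest also tells you whether a set was altered between the appliance and the secure location. The archive names and the default config path are the guide's; the function names, the SHA256SUMS file and the VERIFY_DIR guard are this example's assumptions.

```shell
#!/bin/sh
# Added example, not part of the AlienVault guide. Archive names and the
# config path are the guide's; function names, the SHA256SUMS manifest and
# the VERIFY_DIR guard are assumptions of this example.

BACKUP_FILES="alienvault-dbs.sql.gz alienvault-mongo.tgz alienvault-environment.tgz alienvault-data.tgz"

# Read the MySQL password the way the guide's mysqldump step does: the value
# of the "pass=" key in ossim_setup.conf. The path is a parameter so the
# function can be exercised against a constructed file.
ossim_db_pass() {
    sed -n 's/^pass=//p' "$1" | head -n 1
}

# Check that a directory holds all four archives and that each is non-empty
# and a valid gzip stream. Returns 1 on any problem so a caller can refuse
# to ship a broken set off the appliance, or to restore from one.
verify_backup_set() {
    dir=$1
    status=0
    for f in $BACKUP_FILES; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $dir/$f" >&2
            status=1
        elif ! gzip -t "$dir/$f" 2>/dev/null; then
            echo "corrupt gzip stream: $dir/$f" >&2
            status=1
        fi
    done
    return "$status"
}

# Record SHA-256 sums next to the archives (run on the source appliance,
# after section 3.4 produced the files and before they are copied away).
write_backup_manifest() {
    (cd "$1" && sha256sum $BACKUP_FILES > SHA256SUMS)
}

# Compare a copied set against the manifest (run on the target appliance
# after section 4.1, before section 4.2 stops the services).
check_backup_manifest() {
    (cd "$1" && sha256sum -c --quiet SHA256SUMS)
}

# Only runs when VERIFY_DIR is set, e.g. VERIFY_DIR=/root sh verify-backup.sh
if [ -n "${VERIFY_DIR:-}" ]; then
    verify_backup_set "$VERIFY_DIR" && write_backup_manifest "$VERIFY_DIR"
fi
```

On the source appliance, run verify_backup_set and write_backup_manifest once the four files exist and copy SHA256SUMS along with them; on the target, run verify_backup_set and check_backup_manifest on the copied directory and stop at the first non-zero exit instead of continuing to 4.2.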

4.2. STOP APPLIANCE SERVICES

1. Stop the following services in the appliance:

    /etc/init.d/monit stop
    /etc/init.d/ossim-server stop
    /etc/init.d/ossim-agent stop
    /etc/init.d/ossim-framework stop
    /etc/init.d/alienvault-idm stop
    /etc/init.d/alienvault-center stop
    /etc/init.d/alienvault-api stop

2. Create a backup of the AlienVault configuration file:

    cp /etc/ossim/ossim_setup.conf /root/ossim_setup.conf_last

4.3. PAYLOAD RESTORE

4.3.1. MYSQL DUMP RECOVERY

Enter the following command to restore the dump file (the decompressed dump is piped into ossim-db):

    zcat alienvault-dbs.sql.gz | ossim-db

4.4. MONGODB DUMP RECOVERY

1. Extract the tar file:

    tar xvzf alienvault-mongo.tgz

2. Restore the MongoDB backup:

    mongorestore --db inventory dump/inventory/

4.5. ENVIRONMENT RESTORE

1. Remove the current configuration:

    rm -rf /etc/ossim/ /etc/alienvault/ /etc/alienvault-center/ /etc/ansible/ /root/.ssh/ /home/avapi/ \
        /home/avforw/ /home/avserver/ /var/ossec/ /etc/snort/ /etc/suricata/ /etc/nagios3/ /etc/openvpn/ \
        /var/cache/openvas/ /var/lib/openvas/ /etc/logrotate.d/ /etc/rsyslog.d/ /etc/apache2/ \
        /usr/share/alienvault-center/ /etc/nfsen/ /etc/mysql/ /var/ossim/keys/ /var/ossim/ssl/ \
        /etc/hosts /etc/resolv.conf

2. Restore the configuration from your backup. Extract the tar file into the / directory:

    tar xvzf alienvault-environment.tgz -C /

3. Copy the AlienVault configuration file saved in step 4.2 back under /etc/ossim:

    cp /root/ossim_setup.conf_last /etc/ossim/

4. Enter the following commands to restore the file ownership recorded in the archive (in the tar listing the second column is user/group and the sixth is the path):

    tar tvzf alienvault-environment.tgz | tr -s ' ' > /root/file_list
    ulimit -s 65536
    cd /
    for i in `cat /root/file_list | cut -f2 -d" " | sort -u`; do user=`echo $i | cut -f1 -d"/"`; group=`echo $i | cut -f2 -d"/"`; chown $user:$group `grep $i /root/file_list | cut -f6 -d" " | xargs`; done
    ulimit -s 8192
    cd /

4.6. RAW DATA RESTORE

1. Extract the tar file to the / directory:

    tar xvzf alienvault-data.tgz -C /

2. Enter the following commands to restore the file ownership:

    tar tvzf alienvault-data.tgz | tr -s ' ' > /root/file_list
    ulimit -s 65536
    cd /
    for i in `cat /root/file_list | cut -f2 -d" " | sort -u`; do user=`echo $i | cut -f1 -d"/"`; group=`echo $i | cut -f2 -d"/"`; chown $user:$group `grep $i /root/file_list | cut -f6 -d" " | xargs`; done
    ulimit -s 8192

4.7. START APPLIANCE SERVICES

1. Type the following command in the console:

    ossim-reconfig -c -v -d

2. The system has been recovered using the backup. Log out from the console.
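The ownership loop in 4.5 and 4.6 recovers user and group from the verbose tar listing, which is the right source because tar -x run as root already restores ownership only for entries whose owner exists, and the loop repairs whatever is left. As an added example that is not the guide's code, the functions below do the same job from the same listing but read the path from the sixth field onward, so that names containing spaces survive intact, and strip the " -> target" suffix tar prints for symlinks; chown -h then changes the link itself rather than the file it points at. It assumes GNU tar's listing format (mode user/group size date time path); the function names and the RESTORE_ARCHIVE guard are this example's assumptions.

```shell
#!/bin/sh
# Added example, not part of the AlienVault guide. Assumes GNU tar's verbose
# listing format ("mode user/group size date time path", with " -> target"
# appended for symlinks). Function names and the RESTORE_ARCHIVE guard are
# assumptions of this example.

# Turn a `tar tvzf` listing into "user:group<TAB>/path" lines. Ownership is
# field 2; the path is field 6 onwards, re-joined so that names containing
# spaces stay whole. Directory entries lose their trailing slash and symlink
# entries lose the " -> target" suffix.
listing_to_chown_plan() {
    awk '
        NF >= 6 {
            owner = $2
            sub("/", ":", owner)
            path = $6
            for (i = 7; i <= NF; i++) path = path " " $i
            sub(/ -> .*$/, "", path)
            sub(/\/$/, "", path)
            if (path !~ /^\//) path = "/" path
            print owner "\t" path
        }' "$1"
}

# Apply a plan under a root directory ("/" on the appliance, a scratch
# directory when testing). -h changes a symlink itself, not its target.
apply_chown_plan() {
    plan=$1
    root=${2:-}
    while IFS="$(printf '\t')" read -r owner path; do
        chown -h "$owner" "$root$path"
    done < "$plan"
}

# Ownership restore for one archive, the equivalent of step 4 in 4.5 and
# step 2 in 4.6. Only runs when RESTORE_ARCHIVE is set, e.g.
#   RESTORE_ARCHIVE=/root/alienvault-environment.tgz sh restore-owners.sh
if [ -n "${RESTORE_ARCHIVE:-}" ]; then
    tar tvzf "$RESTORE_ARCHIVE" > /root/file_list
    listing_to_chown_plan /root/file_list > /root/chown_plan
    apply_chown_plan /root/chown_plan /
fi
```

Generating the plan as a file first also gives you something to review before anything is changed: a quick look at the distinct user:group values in /root/chown_plan shows whether every account the archive refers to (avapi, avserver, avforw and so on) exists on the target appliance.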