Best Practice Guide: Automating Appliance Configuration and Alert Backups

Version 5

    DOC-4822

    Step 1 – Database Backup

    Configure the job

    The following commands create a job that backs up the appliance database and uploads it to a remote SCP server. If you are backing up multiple appliances, name the destination file accordingly; in this example the backup is saved as emps-71.fedb on the remote server:

    > en
    # conf t
    (config) # job 1 command 1 "fedb backup to-file <$server.fedb>"
    (config) # job 1 command 2 "fedb backup upload <$server.fedb> scp://febackup:febackup@<$URL>/home/febackup/"
    (config) # job 1 command 3 "fedb backup delete <$server.fedb>"
    (config) # job 1 enable

    Test and verify the job

    *Note that the job must first be enabled (e.g. “job 1 enable”)

    To run the job, type the following in configure mode:

    (config) # job 1 execute

    Give the job several minutes to run: creating the backup file and transferring it to the remote server both take time, and the duration depends on the size of the database (the number of alerts), so adjust your wait time accordingly.

    Once you are ready to check the status of the job, issue the command below and review the output:

    (config) # sh job 1
    Job 1:
       Status:              inactive
       Enabled:             yes
       Continue on failure: no

       Schedule type:       once
       Time and date:       1970/01/01 00:00:00 +0000

       Last exec time:      Tue 2014/08/12 17:05:04 +0000
       Next exec time:      N/A
       Commands:
          Command 1: fedb backup to-file <$server.fedb>
          Command 2: fedb backup upload <$server.fedb> scp://febackup:febackup@<$URL>/home/febackup/
          Command 3: fedb backup delete <$server.fedb>

       Last output:
    Dumping database to backup file
    Encrypting backup file
    Created database backup file <$server.fedb>
    Deleted database backup file <$server.fedb>

    Confirm that the output shows the database backup file being created and then deleted. The output does not indicate whether the transfer succeeded; that is confirmed in the next step.

    On the remote server, verify that the backup file exists and has a non-zero size:

    febackup@ubuntu-server:~$ ls -l
    total 51172
    -rw-r--r-- 1 febackup febackup 52399073 Aug 12 12:00 <$server.fedb>
    febackup@ubuntu-server:~$

    Schedule the job

    Now that we know the job has been created successfully and does everything we want, let’s schedule it. In this example the alerts are backed up once a day at 0100 hours (1:00 AM).

    Schedule the job to run daily at 0100 hours:

    (config) # job 1 schedule daily time 01:00:00

    Verify the execution time by using the show job command:

    (config) # sh job 1
    Job 1:
       Status:              pending
       Enabled:             yes
       Continue on failure: no

       Schedule type:       daily
       Time of day:         01:00:00
       Absolute start:      (no limit)
       Absolute end:        (no limit)

       Last exec time:      Tue 2014/08/12 17:05:04 +0000
       Next exec time:      Wed 2014/08/13 01:00:00 +0000
       Commands:

    Step 2 – Configuration Backup

    Configure the job

    The following commands create a job that uploads the current running configuration to a remote SCP server. If you are backing up multiple appliances, name the destination file accordingly; in this example the backup is saved as emps-71.cfg on the remote server:

    > en
    # conf t
    (config) # job 2 command 1 "configuration upload active scp://febackup:febackup@<$URL>/home/febackup/<$server.cfg>"
    (config) # job 2 enable

    Test and verify the job

    *Note that the job must first be enabled (e.g. “job 2 enable”)

    To run the job, type the following in configure mode:

    (config) # job 2 execute

    Give the job a minute to run. Once you are ready to check the status of the job, issue the command below and review the output:

    (config) # sh job 2
    Job 2:
       Status:              inactive
       Enabled:             yes
       Continue on failure: no

       Schedule type:       once
       Time and date:       1970/01/01 00:00:00 +0000

       Last exec time:      Tue 2014/08/12 17:10:55 +0000
       Next exec time:      N/A
       Commands:
          Command 1: configuration upload active scp://febackup:febackup@<$URL>/home/febackup/<$server.cfg>
    (config) #

    On the remote server, verify that the configuration file exists and has a non-zero size:

    febackup@ubuntu-server:~$ ls -l
    total 51644
    -rw-r----- 1 febackup febackup   482723 Aug 12 12:06 <$server.cfg>
    -rw-r--r-- 1 febackup febackup 52399073 Aug 12 12:00 <$server.fedb>
    febackup@ubuntu-server:~$

    Schedule the job

    Now that we know the job has been created successfully and does everything we want, let’s schedule it. In this example the configuration is backed up once a week, on Saturdays at 0100 hours (1:00 AM).

    Schedule the job to run weekly at 0100 hours on Saturdays:

    (config) # job 2 schedule weekly day-of-week sat
    (config) # job 2 schedule weekly time 01:00:00

    Verify the execution time by using the show job command:

    (config) # sh job 2
    Job 2:
       Status:              pending
       Enabled:             yes
       Continue on failure: no

       Schedule type:       weekly
       Day(s) of week:      Sat
       Time of day:         01:00:00
       Absolute start:      (no limit)
       Absolute end:        (no limit)

       Last exec time:      Tue 2014/08/12 17:10:55 +0000
       Next exec time:      Sat 2014/08/16 01:00:00 +0000
       Commands:
          Command 1: configuration upload active scp://febackup:febackup@<$URL>/home/febackup/<$server.cfg>
    (config) #
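    The remote-side checks in Steps 1 and 2 (the file exists and has a non-zero size) and the two schedules (database daily at 01:00, configuration weekly on Saturday) can be turned into a recurring check on the backup server, so a job that silently stops delivering is noticed. The script below is an added example, not part of the original guide or the appliance software; it assumes the guide's layout of /home/febackup/<server>.fedb and /home/febackup/<server>.cfg and the emps-71 name used above.

```shell
#!/bin/sh
# Added example (not from the guide): run on the remote backup server, e.g. from
# febackup's crontab a few hours after the 01:00 job window, to confirm the
# appliance jobs delivered fresh, non-empty files. Assumes the guide's layout:
# /home/febackup/<server>.fedb (daily) and /home/febackup/<server>.cfg (weekly).

# check_backup FILE MAX_AGE_HOURS
# Exit status: 0 ok, 1 missing, 2 empty, 3 older than MAX_AGE_HOURS.
check_backup() {
    file=$1
    max_age_hours=$2
    if [ ! -f "$file" ]; then
        echo "MISSING: $file" >&2
        return 1
    fi
    if [ ! -s "$file" ]; then
        echo "EMPTY: $file" >&2
        return 2
    fi
    now=$(date +%s)
    # GNU stat first, BSD/macOS stat as fallback
    mtime=$(stat -c %Y "$file" 2>/dev/null || stat -f %m "$file")
    age_hours=$(( (now - mtime) / 3600 ))
    if [ "$age_hours" -gt "$max_age_hours" ]; then
        echo "STALE: $file is ${age_hours}h old (limit ${max_age_hours}h)" >&2
        return 3
    fi
    echo "OK: $file ($(wc -c < "$file") bytes, ${age_hours}h old)"
    return 0
}

# verify_all DIR SERVER
# Checks one appliance's database backup (daily job, allow 25h of slack) and
# configuration backup (weekly job, allow 8 days). Returns the number of
# failed checks, so it can drive a cron mail or a monitoring alert directly.
verify_all() {
    dir=$1
    server=$2
    failures=0
    check_backup "$dir/$server.fedb" 25 || failures=$((failures + 1))
    check_backup "$dir/$server.cfg" 192 || failures=$((failures + 1))
    return "$failures"
}

# Usage: sh check_backups.sh /home/febackup emps-71
if [ $# -ge 2 ]; then
    verify_all "$1" "$2"
    exit $?
fi
```

    Because the appliance overwrites the same file name on every run, a check like this is the only signal that the scheduled upload is still happening; cron mails the STALE/MISSING/EMPTY lines when the exit status is non-zero.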

     

    Step 3 (optional) – Set up password-less authentication with SSH keys

    In the previous steps, the password of the account used to transfer the database and configuration backups is visible in the output of the ‘show’ commands. This is less than ideal; the workaround is to use SSH keys so that no password is echoed in command output.

    This document assumes you already have a key pair set up. Just in case, the links below will guide you through key pair generation:

    Create and load the keys

    As you can see below, logging in to the remote server (192.168.20.83) from the FireEye appliance as user ‘febackup’ requires a password:

    (config) # slogin febackup@<$URL>
    febackup@<$URL>'s password:

    The solution is to load the current user’s public key onto the remote server. First, generate an SSH key. Then show the public key and copy it to your clipboard (the ssh-rsa line in the output below).

    (config) # ssh client user febackup identity rsa2 generate
    # sh ssh client
    SSH client Strict Hostkey Checking: ask

    No SSH global known hosts.

    User Identities:
      User admin:
        RSAv2 Public key:
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAt5YGkiEHuhHojla9T6kLzbvgyR4dUINy5oJwklQS1/526kzQUJSdN8BYIzPxBNTB7OpL/92dSgq8mhXMM66vO4NuA78jImZKAsg/6JIk/y9woBnfBXjoJ4YYP4UK485ef1vWWf+s6GrtKo5a/WiQbNMghBnmOzRu1K8ndoot7/p6zRoV6LrXjDEN19Hc4fa8/P+Dbk5uaMhJzegpgtKFpHwzgfTZVo8DHuZ6u/vJXVLKdMrC7a7cr0FGh/qrdpdafMOpvq3i/R1EXljMg0WYBNHjZo5KQ6qjdan6I/ANCFIxz5pfPy0TIQrpKL4uWEfHALiNmwbpjqADmVyciD5ECQ==

        RSAv2 Private key:
    ********
    Passphrase:
    ********

      User

    With the public key in hand, log in to your destination server and paste the key into the user’s .ssh/authorized_keys file. Now when you ssh to the destination server from the FireEye appliance, you will not be prompted for a password:

    # slogin febackup@<$URL>
    Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic-pae i686)

    * Documentation:  https://help.ubuntu.com/

      System information as of Tue Aug 12 14:18:53 CDT 2014

      System load:  0.0               Processes:           75
      Usage of /:   8.2% of 14.95GB   Users logged in:     1
      Memory usage: 17%               IP address for eth0: <$URL>
      Swap usage:   0%

      Graph this data and manage this system at https://landscape.canonical.com/

    193 packages can be updated.
    95 updates are security updates.

    New release '14.04.1 LTS' available.
    Run 'do-release-upgrade' to upgrade to it.

    Last login: Tue Aug 12 13:53:12 2014 from *.*.*.*
    febackup@ubuntu-server:~$

    Use keys instead of passwords

    Modify any of the scheduled job commands from above by removing the colon and password from the scp URL. Below is the same command before and after the change.

    Example command with a password:

    (config) # job 2 command 1 "configuration upload active scp://febackup:febackup@<$URL>/home/febackup/<$server.cfg>"

    Example command without a password:

    (config) # job 2 command 1 "configuration upload active scp://febackup@<$URL>/home/febackup/<$server.cfg>"

    Thanks to jchrisos from our Sales/Solutions team for contributing this guide!